Index: lib/libpam/modules/pam_unix/pam_unix.c =================================================================== --- lib/libpam/modules/pam_unix/pam_unix.c +++ lib/libpam/modules/pam_unix/pam_unix.c @@ -94,6 +94,7 @@ struct passwd *pwd; int retval; const char *pass, *user, *realpw, *prompt; + const char *nopasswd = ""; if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) { user = getlogin(); @@ -116,12 +117,22 @@ PAM_LOG("Password is empty, using fake password"); realpw = "*"; } + /* + * Check whether the saved password hash matches the one + * generated from an empty password - as opposed to empty + * saved password hash, which is handled above. + */ + if (strcmp(crypt(nopasswd, realpw), realpw) == 0 && + !(flags & PAM_DISALLOW_NULL_AUTHTOK) && + openpam_get_option(pamh, PAM_OPT_NULLOK)) + return (PAM_SUCCESS); lc = login_getpwclass(pwd); } else { PAM_LOG("Doing dummy authentication"); realpw = "*"; lc = login_getclass(NULL); } + prompt = login_getcapstr(lc, "passwd_prompt", NULL, NULL); retval = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, prompt); login_close(lc);