Skip to content

hardening: reject authentication with empty passwd

Evangelos Foutras requested to merge pam-unix-reject-empty-passwords into master

SSH defaults to disallowing empty passwords but Dovecot has no similar safeguard (at least not one enabled by default). Remove "nullok" from /etc/pam.d/system-auth to implement the desired behavior system-wide.

Merge request reports

Loading