hardening: reject authentication with empty passwd (!759) · Merge requests · Arch Linux / infrastructure

Merged Evangelos Foutras requested to merge pam-unix-reject-empty-passwords into master 1 year ago

Sep 24, 2023

hardening: reject authentication with empty passwd · 6b5a5eea

SSH defaults to disallowing empty passwords but Dovecot has no similar
safeguard (at least not one enabled by default). Remove "nullok" from
/etc/pam.d/system-auth to implement the desired behavior system-wide.

Verified

6b5a5eea

Admin message

hardening: reject authentication with empty passwd

Merge request reports

Activity