hardening: reject authentication with empty passwd (!759) · Merge requests · Arch Linux / infrastructure

Evangelos Foutras requested to merge pam-unix-reject-empty-passwords into master Sep 16, 2023

SSH defaults to disallowing empty passwords but Dovecot has no similar safeguard (at least not one enabled by default). Remove "nullok" from /etc/pam.d/system-auth to implement the desired behavior system-wide.

Admin message

hardening: reject authentication with empty passwd

Merge request reports