Comment 5 for bug 104957

This is untested, but the problem might be this:

pam-0.79/Linux-PAM/modules/pam_unix/support.c: _unix_blankpasswd contains the following:

 if ((retval == 1) && on(UNIX_NULLOK_SECURE, ctrl)) {
  int retval2;
  const char *uttyname;
  retval2 = pam_get_item(pamh, PAM_TTY, (const void **)&uttyname);
  if (retval2 != PAM_SUCCESS || uttyname == NULL)
   return 0;

  if (_pammodutil_tty_secure(uttyname) != PAM_SUCCESS)
   return 0;
 }

It appears that the tty is always checked if the password is blank.
Can anybody confirm that this is, in fact, the problem? Why is this check performed?