Comment 9 for bug 454256

That would be a PolicyKit bug. Feel free to provide a patch if you think that feature is worth the pain - or go and discuss that on their mailing list. I don't think anybody else will spend time on that as we generally consider it as bad practice. Again, create a separate admin account. If the admin is smart enough to use 'passwd -d' to remove passwords from accounts, he's surely aware of the obvious fact that you *cannot technically authenticate* when you don't have a password at all.