Comment 2 for bug 1200283

Steve Langasek (vorlon) wrote :

The implications of using 'nullok' instead of 'nullok_secure' are that *all* services will allow passwordless access to the account, including remote services. It is not reasonable to use 'nullok' as a system-level setting, because this means, for instance, that if the user installs openssh-server, their machine can instantly be rooted remotely.

So pam is the wrong place to solve this. It seems to me that the system settings panel should instead directly manage a combination of lightdm, policykit, and sudo configuration options to enable passwordless access.
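Added example, not part of the original comment or of any Ubuntu tooling: a small Python audit that reports, per PAM service stack, whether the `pam_unix.so` auth lines carry `nullok` or `nullok_secure`, following Debian-style `@include` lines so that a setting in a shared file shows up in every service that pulls it in. The file contents are constructed samples, and the function names are this example's own.

```python
import re

# Constructed sample PAM stacks (file name -> contents); not from the bug report.
SAMPLE = {
    "common-auth": (
        "# constructed sample\n"
        "auth [success=1 default=ignore] pam_unix.so nullok_secure\n"
        "auth requisite pam_deny.so\n"
    ),
    "lightdm": "auth required pam_unix.so nullok try_first_pass\n",
    "sshd": "@include common-auth\naccount required pam_unix.so\n",
}

# type, control (plain word or [value=action ...]), module path, module arguments
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def unix_auth_options(name, files, seen=()):
    """Return the null-password options found on pam_unix auth lines of one
    service stack, following @include (with a guard against include loops)."""
    found = set()
    if name in seen or name not in files:
        return found
    for raw in files[name].splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("@include"):
            found |= unix_auth_options(line.split()[1], files, seen + (name,))
            continue
        m = LINE.match(line)
        if m and m.group(1) == "auth" and m.group(3).endswith("pam_unix.so"):
            found |= {"nullok", "nullok_secure"} & set(m.group(4).split())
    return found

def audit(files):
    """Map each stack to 'nullok' (empty passwords accepted from any caller),
    'nullok_secure' (only on ttys listed in /etc/securetty) or 'none'."""
    result = {}
    for name in files:
        opts = unix_auth_options(name, files)
        result[name] = "nullok" if "nullok" in opts else (
            "nullok_secure" if opts else "none")
    return result

if __name__ == "__main__":
    for service, verdict in sorted(audit(SAMPLE).items()):
        print(f"{service}: {verdict}")
```

To audit a real system, build the `files` mapping from the contents of `/etc/pam.d/` instead of `SAMPLE`.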