Fedora 32 Might Disallow Empty Passwords For Local Users By Default
Written by Michael Larabel in Fedora on 26 November 2019 at 11:36 AM EST.
Currently Fedora Linux supports empty passwords for local users by default, but that could change with next year's Fedora 32 release.

Fedora's PAM configuration currently enables the "nullok" parameter, which allows null/empty passwords for users, though a password is obviously required for root and the OpenSSH server configuration doesn't allow empty passwords. With Fedora 32 there is a proposal to no longer allow empty passwords by default for local users.
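An added example (not from the article or from Fedora) of how an administrator could audit for the behaviour described above: it finds pam_unix rules that carry nullok and accounts whose shadow password field is empty, since an account can log in without a password only when both are present. The sample file contents and account names are constructed; on a real system the inputs would be the files under /etc/pam.d and /etc/shadow.

```python
import re

# Constructed sample of a PAM service file; not copied from a Fedora system.
SAMPLE_PAM = """\
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
# auth      sufficient    pam_unix.so nullok
password    sufficient    pam_unix.so sha512 shadow \\
                          nullok use_authtok
account     required      pam_unix.so
-session    [success=1 default=ignore] pam_unix.so
"""

# Constructed sample in /etc/shadow format; the hash is a placeholder.
SAMPLE_SHADOW = """\
root:$6$placeholder$placeholder:18000:0:99999:7:::
liveuser::18000:0:99999:7:::
bin:*:18000:0:99999:7:::
locked:!!:18000:0:99999:7:::
"""

def find_nullok(pam_text):
    """Return (type, module) for every pam_unix rule that carries nullok."""
    hits = []
    joined = re.sub(r"\\\n", " ", pam_text)      # join backslash-continued lines
    for line in joined.splitlines():
        tokens = line.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(tokens) < 3:
            continue
        i = 1                                    # control field, possibly "[a=b c=d]"
        if tokens[i].startswith("["):
            while not tokens[i].endswith("]") and i < len(tokens) - 1:
                i += 1
        module, args = tokens[i + 1:i + 2], tokens[i + 2:]
        if module and module[0].endswith("pam_unix.so") and "nullok" in args:
            hits.append((tokens[0].lstrip("-"), module[0]))
    return hits

def empty_password_users(shadow_text):
    """Return accounts whose password field (second shadow field) is empty."""
    rows = (line.split(":") for line in shadow_text.splitlines())
    return [f[0] for f in rows if len(f) >= 2 and f[0] and f[1] == ""]

def passwordless_logins(pam_text, shadow_text):
    """Accounts that can authenticate with no password: needs both conditions."""
    auth_nullok = any(t == "auth" for t, _ in find_nullok(pam_text))
    return empty_password_users(shadow_text) if auth_nullok else []
```

Locked (`!!`) and disabled (`*`) entries are not reported, because only a truly empty field lets pam_unix accept a blank password.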

This is being done in the name of security hardening, but not everyone is buying into this reasoning. Some current Fedora bits around the Live images may run into issues, among other tooling problems, and some users prefer empty passwords for throw-away VMs, routinely touched test systems not in production, and other use-cases where local security isn't a concern.

The proposal can be found on their wiki along with the various actions that would need to be taken to change the default behavior. However, on the Fedora mailing list a number of individuals are so far dissenting from this plan because it offers minimal hardening improvement while possibly interrupting existing workflows.

We'll see what the Fedora Engineering and Steering Committee has to say about this idea for F32 in the weeks ahead.