If shadow password is not enabled on installation, only root can log in (/etc/pam.d/login needs tweaking).
Maybe this is really just a manifestation of bug #3029 with empty passwords?
Cannot duplicate.