As reported in bug #3029, it is not possible to log in as a user with empty password. Furthermore, the error message printed in this case is incorrect. PAM_pwdb uses the function pwdb_strerror() to format the error message, but the error code is a PAM code, not a PWDB code, so the correct function is pam_strerror(). I suggest the following patch: *** support.-c~ Thu Apr 8 03:19:52 1999 --- support.-c Mon Jul 26 17:14:17 1999 *************** *** 464,470 **** retval = pwdb_run_helper_binary(pamh, p); } else { retval = PAM_AUTHINFO_UNAVAIL; ! _log_err(LOG_ALERT, "get passwd; %s", pwdb_strerror(retval)); } (void) pwdb_delete(&pw); p = NULL; --- 464,470 ---- retval = pwdb_run_helper_binary(pamh, p); } else { retval = PAM_AUTHINFO_UNAVAIL; ! _log_err(LOG_ALERT, "get passwd; %s", pam_strerror(pamh, retval)); } (void) pwdb_delete(&pw); p = NULL;
This should be fixed in pam-0.68-3 and later