Fedora 32 Might Disallow Empty Passwords For Local Users By Default

Currently Fedora Linux supports empty passwords for local users by default but that could change with next year's Fedora 32 release.

Fedora's PAM module currently enables the "nullok" parameter to allow for null/empty passwords for users. Though a password is obviously required for root and the OpenSSH server configuration doesn't allow empty passwords. But with Fedora 32 there is a proposal to no longer allow empty passwords by default for local users.

This is being done in the name of security hardening of the systems, but not everyone is buying into this reasoning. Some current Fedora bits around the Live images may run into issues among other tooling problems plus some users preferring empty passwords when it comes to throw-away VMs, routinely touched test systems not in production, and other use-cases where local security isn't a concern.

The proposal can be found on their wiki along with the various actions that would need to be taken with changing the default behavior. However, on the Fedora mailing list there are a number of individuals so far dissenting from this plan due to the minimal hardening improvement but interrupting possible existing workflows.

We'll see what the Fedora Engineering and Steering Committee has to say about this idea for F32 in the weeks ahead.