What is the impact of removing nullok from pam_unix.so in RHEL PAM configuration?

Solution Verified - Updated -

Issue

  • Can removing nullok from the pam_unix module in the system-auth and password-auth files cause any risk?
  • Evaluating the removal of the nullok option from pam_unix.so for security compliance.
  • Need to understand the operational and security implications of this change.
  • Removing nullok improves security but may introduce login failures for users with blank passwords.
  • This change is recommended for CIS compliance, STIG alignment, or general hardening practices.
  • Seeking guidance to safely audit and remove nullok from the PAM configuration.

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
  • PAM
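
A pre-change audit for the question raised under Issue, as an added example that is not Red Hat's own procedure or code: it lists active pam_unix.so lines that carry nullok and the accounts whose shadow password field is empty, which are the accounts that would stop being able to log in once nullok is removed. The function names and the sample files are constructed for illustration; on a real host the inputs would be /etc/pam.d/system-auth, /etc/pam.d/password-auth and /etc/shadow, read as root.

```shell
#!/bin/sh
# Added example: audit nullok usage and blank-password accounts.
# Sample data is constructed so the script runs offline.

# Print "file:line: text" for active (non-comment) pam_unix.so lines with nullok.
nullok_lines() {
    awk '
        /^[ \t]*#/ { next }
        /pam_unix\.so/ {
            for (i = 1; i <= NF; i++)
                if ($i == "nullok") { print FILENAME ":" FNR ": " $0; break }
        }' "$@"
}

# Print accounts whose shadow password field is empty. They can authenticate
# with no password only while nullok is set; without it pam_unix rejects them.
# Locked fields such as "!!" are not empty and are not reported.
blank_password_users() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Build constructed sample files and print the directory that holds them.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/system-auth" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
# auth      sufficient    pam_unix.so nullok
password    sufficient    pam_unix.so sha512 shadow nullok use_authtok
account     required      pam_unix.so
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$CONSTRUCTED$examplehash:19000:0:99999:7:::
alice::19000:0:99999:7:::
svc:!!:19000:0:99999:7:::
bob:$6$CONSTRUCTED$examplehash:19000:0:99999:7:::
EOF
    echo "$dir"
}

SAMPLE_DIR=$(make_samples)
echo "Active nullok entries:"
nullok_lines "$SAMPLE_DIR/system-auth"
echo "Accounts with an empty password field:"
blank_password_users "$SAMPLE_DIR/shadow"
```

Any account the second list reports needs a password set, or needs to be locked, before nullok is removed.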
