Adam Williamson wrote on Mon, Nov 25, 2019 at 03:55:28PM -0800:
I gotta say +1 too. I don't buy that there's a significant
'hardening'
benefit worth all the effort mentioned in the Change *plus* the
additional consequences Kevin and Martin pointed out. At minimum I'd
like to see a much more convincing case that people are creating users
without passwords without understanding what they're doing.
FWIW this has happened at an association I help at -- they had VMs with
no root password set, and users created by puppet some of whom have
sudo.
They just expected no root password = no login possible, but it turns
out 'su' just gave out a root shell with no password entered...
It's easy to fix once I realized that, but it had been that way for
quite a while until then; I'd definitely support removing nullok on the
default install.
--
Dominique