xyb3rt / physlock

Lightweight linux console locking tool
GNU General Public License v2.0

Unable to unlock the computer after physlock locked it for passwordless user #80

Closed Mizuchi closed 5 years ago

Mizuchi commented 5 years ago

I am using an updated Arch Linux with the physlock from the official repo.

Steps to reproduce the problem.

  1. delete user password and root password by "passwd -d"
  2. lock screen by performing "physlock"

You might wonder why on earth I would do that. Well, I did it accidentally, since my hotkeys are shared across multiple devices and some are passwordless.

actual behavior

physlock doesn't accept an empty password, thus whatever I input, I will get this:

Password:
Authentication failed.

Password:
Authentication failed.

Password:
Authentication failed.

Root: Password:
Authentication failed.

expected behavior

physlock should either accept an empty password (e.g. for a passwordless user, not typing a password should unlock it), or refuse to lock if both user and root are passwordless (otherwise we could never unlock it). slock will refuse to lock if the user password is empty, since it never checks the root password.

xyb3rt commented 5 years ago

Accepting empty passwords needs enabling in the PAM configuration:

$ man 8 pam_unix
[...]
Options
[...]
nullok
    The default action of this module is to not permit the user access to a service if their official password is blank. The nullok argument overrides this default.
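
A pre-lock check for the situation in this thread, as an added example that is not physlock's code and not part of either comment: it lists accounts with a blank password field and reports them as unable to unlock when the `pam_unix` auth lines reachable from the locker's PAM service lack `nullok`. The service name `physlock`, the `system-auth` include, and the shadow lines are constructed assumptions.

```python
import re

# Constructed sample data (not from a real system). The service name "physlock"
# and the include of "system-auth" are assumptions about the PAM layout.
PAM_FILES = {
    "physlock": "#%PAM-1.0\nauth include system-auth\naccount include system-auth\n",
    "system-auth": ("auth required pam_faillock.so preauth\n"
                    "auth [success=1 default=bad] pam_unix.so try_first_pass\n"
                    "auth required pam_env.so\n"),
}
PAM_FILES_NULLOK = dict(PAM_FILES, **{"system-auth": PAM_FILES["system-auth"].replace(
    "try_first_pass", "try_first_pass nullok")})
SHADOW = ("root::19000::::::\n"
          "alice::19000:0:99999:7:::\n"
          "bob:$6$constructed$notarealhash:19000:0:99999:7:::\n")

# Fields: type, control (plain word or [bracketed list]), module path, arguments.
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def pam_unix_auth_args(service, files, seen=None):
    """Argument lists of every pam_unix auth line reachable from `service`."""
    seen = set() if seen is None else seen
    if service in seen or service not in files:
        return []
    seen.add(service)  # guards against include loops
    found = []
    for raw in files[service].splitlines():
        m = PAM_LINE.match(raw.split("#", 1)[0].strip())
        if not m or m.group(1) != "auth":
            continue
        _, control, module, args = m.groups()
        if control in ("include", "substack"):
            found += pam_unix_auth_args(module, files, seen)
        elif module.rsplit("/", 1)[-1] == "pam_unix.so":
            found.append(args.split())
    return found

def accepts_empty_password(service, files):
    lines = pam_unix_auth_args(service, files)
    return bool(lines) and all("nullok" in args for args in lines)

def empty_password_users(shadow_text):
    """Users whose shadow password field is blank (the state `passwd -d` leaves)."""
    rows = (line.split(":") for line in shadow_text.splitlines())
    return [f[0] for f in rows if len(f) > 1 and f[1] == ""]

def locked_out_users(service, files, shadow_text):
    """Blank-password users who could not unlock through this PAM service."""
    return [] if accepts_empty_password(service, files) else empty_password_users(shadow_text)
```

On a real system the two inputs would be read from `/etc/pam.d/` and `/etc/shadow` as root; a non-empty result from `locked_out_users` is the condition under which locking leads to the repeated "Authentication failed." shown in the report.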