diff -up openssh-5.3p1/auth1.c.skip-initial openssh-5.3p1/auth1.c
--- openssh-5.3p1/auth1.c.skip-initial	2009-03-08 01:40:28.000000000 +0100
+++ openssh-5.3p1/auth1.c	2009-10-02 13:55:00.000000000 +0200
@@ -244,7 +244,7 @@ do_authloop(Authctxt *authctxt)
 	    authctxt->valid ? "" : "invalid user ", authctxt->user);
 
 	/* If the user has no password, accept authentication immediately. */
-	if (options.password_authentication &&
+	if (options.permit_empty_passwd && options.password_authentication &&
 #ifdef KRB5
 	    (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif
diff -up openssh-5.3p1/auth2-none.c.skip-initial openssh-5.3p1/auth2-none.c
--- openssh-5.3p1/auth2-none.c.skip-initial	2009-03-08 01:40:28.000000000 +0100
+++ openssh-5.3p1/auth2-none.c	2009-10-02 13:56:21.000000000 +0200
@@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt)
 {
 	none_enabled = 0;
 	packet_check_eom();
-	if (options.password_authentication)
+	if (options.permit_empty_passwd && options.password_authentication)
 		return (PRIVSEP(auth_password(authctxt, "")));
 	return (0);
 }