Hi,
I think it is a good idea to authorize users with blank password. So we can use ldap to have systems account that only can connect with public key.
Cheers