diff --git a/options.h b/options.h
index 6214c1a58a2999a37f2a3b3fde08414e8712e2c1..9b03cdba05d1132f9f85b342a5ee8ef3991a6bcd 100644
--- a/options.h
+++ b/options.h
@@ -180,11 +180,6 @@ much traffic. */
 #define ENABLE_SVR_PUBKEY_OPTIONS
 #endif
 
-/* Define this to allow logging in to accounts that have no password specified.
- * Public key logins are allowed for blank-password accounts regardless of this
- * setting. */
-/* #define ALLOW_BLANK_PASSWORD */
-
 #define ENABLE_CLI_PASSWORD_AUTH
 #define ENABLE_CLI_PUBKEY_AUTH
 #define ENABLE_CLI_INTERACT_AUTH
diff --git a/runopts.h b/runopts.h
index 6d1086b2f9e02140387cc9b037da475f11fa92b8..9cd84d07864be86ca7b44b6c9d5baf047e3de821 100644
--- a/runopts.h
+++ b/runopts.h
@@ -89,6 +89,7 @@ typedef struct svr_runopts {
 
 	int noauthpass;
 	int norootpass;
+	int allowblankpass;
 
 #ifdef ENABLE_SVR_REMOTETCPFWD
 	int noremotetcp;
diff --git a/svr-auth.c b/svr-auth.c
index ee2b89f788e1f7d4f2ae7d0b383e8d4917d5c067..404232e55812279472c664317fd7dd1602bbc5f8 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -154,8 +154,8 @@ void recv_msg_userauth_request() {
 			strncmp(methodname, AUTH_METHOD_NONE,
 				AUTH_METHOD_NONE_LEN) == 0) {
 		TRACE(("recv_msg_userauth_request: 'none' request"))
-#ifdef ALLOW_BLANK_PASSWORD
-		if (!svr_opts.noauthpass 
+		if (svr_opts.allowblankpass
+				&& !svr_opts.noauthpass
 				&& !(svr_opts.norootpass && ses.authstate.pw_uid == 0) 
 				&& ses.authstate.pw_passwd[0] == '\0') 
 		{
@@ -167,7 +167,6 @@ void recv_msg_userauth_request() {
 			goto out;
 		}
 		else
-#endif
 		{
 			send_msg_userauth_failure(0, 0);
 			goto out;
diff --git a/svr-authpasswd.c b/svr-authpasswd.c
index c8c83f91d978bad4b4c54258f53f8f35f45c0a8d..38fccc2edfc25331c0ed00ea03990ddb107726a4 100644
--- a/svr-authpasswd.c
+++ b/svr-authpasswd.c
@@ -29,6 +29,7 @@
 #include "buffer.h"
 #include "dbutil.h"
 #include "auth.h"
+#include "runopts.h"
 
 #ifdef ENABLE_SVR_PASSWORD_AUTH
 
diff --git a/svr-runopts.c b/svr-runopts.c
index 2e5edc53c5ea850ccf79dae6dd955aaba54749a8..1cd39ffd1785992df3b627651ec6cc9900c2b9b2 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -63,6 +63,7 @@ static void printhelp(const char * progname) {
 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
 					"-s		Disable password logins\n"
 					"-g		Disable password logins for root\n"
+					"-B		Allow blank password logins\n"
 #endif
 #ifdef ENABLE_SVR_LOCALTCPFWD
 					"-j		Disable local port forwarding\n"
@@ -115,6 +116,7 @@ void svr_getopts(int argc, char ** argv) {
 	svr_opts.norootlogin = 0;
 	svr_opts.noauthpass = 0;
 	svr_opts.norootpass = 0;
+	svr_opts.allowblankpass = 0;
 	svr_opts.inetdmode = 0;
 	svr_opts.portcount = 0;
 	svr_opts.hostkey = NULL;
@@ -234,6 +236,9 @@ void svr_getopts(int argc, char ** argv) {
 				case 'g':
 					svr_opts.norootpass = 1;
 					break;
+				case 'B':
+					svr_opts.allowblankpass = 1;
+					break;
 #endif
 				case 'h':
 					printhelp(argv[0]);