

PaulHOKC_174613
Oct 20, 2015

LTM system-auth file. Is it safe to remove 'nullok'

Looking to make a standard-looking configuration more secure if it won't break normal operations of an LTM pair...

 

From a security perspective, having 'nullok' in the /pam.d/system-auth file can be viewed as a vulnerability. IE:

    auth sufficient /lib/security/pam_unix.so try_first_pass likeauth nullok
    password sufficient /lib/security/pam_unix.so nullok use_authtok sha512 shadow

 

Can 'nullok' be removed on an LTM without breaking an automated synchronization (or other system) process between peer LTMs? If so, is there a CLI command to update this file? A note at the top of the file indicates it is overwritten by the system.
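
Added example (not part of the original post and not F5 code): a small audit check that parses pam.d-style rules and reports every pam_unix entry carrying `nullok`, which is useful for re-checking the file after the system regenerates it. The sample input is constructed from the two rules quoted in the post; the function names are hypothetical.

```python
import re

# Constructed sample: the two rules quoted in the post plus one rule without nullok.
SAMPLE = """\
# constructed sample, not a real BIG-IP file
auth        sufficient    /lib/security/pam_unix.so try_first_pass likeauth nullok
account     required      /lib/security/pam_unix.so
password    sufficient    /lib/security/pam_unix.so nullok use_authtok \\
                          sha512 shadow
"""

# pam.d rule layout: type  control  module-path  [module-arguments]
RULE = re.compile(r"""
    ^-?(?P<type>auth|account|password|session)\s+
    (?P<control>\[[^\]]*\]|\S+)\s+
    (?P<module>\S+)
    (?P<args>.*)$""", re.VERBOSE | re.IGNORECASE)

def logical_lines(text):
    """Join backslash-continued lines; yield (first_line_number, text)."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf

def find_nullok(text):
    """Return [(line, type, control, option)] for pam_unix rules that carry nullok."""
    hits = []
    for n, line in logical_lines(text):
        line = line.split("#", 1)[0].strip()  # comments run to end of line
        m = RULE.match(line)
        if not m or not m["module"].endswith("pam_unix.so"):
            continue  # commented-out rules and other modules are ignored
        for opt in m["args"].split():
            if opt == "nullok":
                hits.append((n, m["type"].lower(), m["control"], opt))
    return hits

if __name__ == "__main__":
    for hit in find_nullok(SAMPLE):
        print("line %d: %s %s pam_unix.so %s" % hit)
```
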

 
