Comment 1 for bug 1521554

So the reason for this is somewhat historical.
You should be able to use 'lock_passwd' for either case, but lock-passwd will only affect non-default users.