When a controller is created (`juju bootstrap`) the system user gains and logs in as the initial Juju user administrator of that controller. This user is provided an internal password only (~/.local/share/juju/accounts.yaml) and, because of this, can not log out (`juju logout`) without receiving an ugly message [1]. Seeing that such a logout attempt may be made a long time after controller-creation time this issue also has the potential of being unsettling and confusing. This limitation is also felt if the system account will ever be used for multiple Juju user accounts. Since non-admin users get a real password set (`juju register`) it makes sense for admins to also have a password to make everything consistent and simple. One solution is to, once the controller is created, print text urging the admin to create a password.
[1]:
--------- >8 ---------
ERROR preventing account loss
It appears that you have not changed the password for
your account. If this is the case, change the password
first before logging out, so that you can log in again
afterwards. To change your password, run the command
"juju change-user-password".
If you are sure you want to log out, and it is safe to
clear the credentials from the client, then you can run
this command again with the "--force" flag.
--------- 8< ---------
I am not convinced that this is necessary. We are now using macaroons and, in any case, letting admin users know that they need to have a password when logging out is cleaner than creating admin users with passwords. There are plenty situations were it is not needed.
In scenarios where it is needed, admin users create passwords anyway as part of the normal workflow, so are not confronted with the message.