Comment 4 for bug 1923045

I've made some progress with debugging.

- the account hadmut1 is created if the identity:-section is completely removed from user-data, so identity is not 'optional', but exclusive.

- it does not exist immediately when the first boot prompt comes, it is delayed. You have to wait until you see around one and a half screens full of log messages

- I could log in only over ssh and ssh-key with additional kvm option -nic user,model=virtio,hostfwd=tcp::2222-:22, not with password, because I had copied the password entry from the identity section to use the default 'ubuntu' password. Doesn't work, because in the identity:-section the password entry tag is password:, while in the users section it is passwd: . If you name it password:, it is not found and thus not set.

- even if the password is given with the passwd: tag, it is not possible to login with that password, because the entry in /etc/shadow looks like this:

hadmut1:!$6$exDY1mhS4KUYCE/2$zmn9ToZwTKLhCw.b4/b.ZRTIZM30JZ4QrOQ2aOXJ8yk96xpcCof0kxKwuX1kqLG/ygbJ1f8wxED22bTL4F46P0:18728:0:99999:7:::

Note the ! the hash begins with. That's inhibiting password use. However, the account is not completely locked, since login with ssh is still possible.

I found by googling, that there is an additional field

lock_passwd: true

which might have a default value of true. I'll check this.