Yup, you're right. I could swear I was unlocking it.
Ok, so after following the steps I can confirm that setting a new password for the user after it has been set to not require a password to log in, does indeed keep the user in the nopasswd group, and so even though you have set a new password for the user you do not need to use it to log in.
However - I'm not sure if this is a bug or a feature.
My rationale is that setting a password for the user could be considered orthogonal to actually requiring that user to *use* the password in order to log in, as opposed to say, unlocking the user panel in settings.
I will speak to the team and see what people think.
Yup, you're right. I could swear I was unlocking it.
Ok, so after following the steps I can confirm that setting a new password for the user after it has been set to not require a password to log in, does indeed keep the user in the nopasswd group, and so even though you have set a new password for the user you do not need to use it to log in.
However - I'm not sure if this is a bug or a feature.
My rationale is that setting a password for the user could be considered orthogonal to actually requiring that user to *use* the password in order to log in, as opposed to say, unlocking the user panel in settings.
I will speak to the team and see what people think.