I've added several users, over several days, using the exact same script, with the only input being the username on the command line. The script also generates a random encrypted password, which I can confirm by looking at master.passwd. And all the user accounts seemed to work (until the system became unresponsive).
Recently I saw that the last user to be created this way has no password! My best guess is that an un-updated Chromium parsed a compromised web page that ... removed the password (was running a snapshot, not stable). Does that seem plausible? (The compromised user was not logged in (to my knowledge) when I gave up and shut down the computer.)

