2 files changed, 7 insertions, 1 deletions

diff --git a/templates/system/login/user/node.tag/authentication/encrypted-password/node.def b/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
index 823fc45f..e0fb4132 100644
--- a/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
+++ b/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
@@ -3,9 +3,13 @@ help: Encrypted password
 # Allow * or ! to disable account
 #  DES format password (13 characters)
 #  MD5 format ($1) and SHA format passwords
-syntax:expression: ($VAR(@) == "*" || $VAR(*) == "!" \
+syntax:expression: ($VAR(@) == "*" || $VAR(@) == "!" \
   || ( pattern $VAR(@) "^[a-zA-Z0-9\.\/]{13}$" ) \
   || ( pattern $VAR(@) "^\\$1\\$[a-zA-Z0-9\./]*\\$[a-zA-Z0-9\./]{22}$" ) \
   || ( pattern $VAR(@) "^\\$5\\$[a-zA-Z0-9\./]*\\$[a-zA-Z0-9\./]{43}$" ) \
   || ( pattern $VAR(@) "^\\$6\\$[a-zA-Z0-9\./]*\\$[a-zA-Z0-9\./]{86}$" )) \
    ; "Not a valid encrypted password for user $VAR(../../@)"
+
+# Deleting the encrypted password set it to "!" to disable password
+# access for this account, SSH RSA key login will still work.
+delete:expression: $VAR(@) = "!"
\ No newline at end of file
diff --git a/templates/system/login/user/node.tag/authentication/plaintext-password/node.def b/templates/system/login/user/node.tag/authentication/plaintext-password/node.def
index 242a623d..939ff0bc 100644
--- a/templates/system/login/user/node.tag/authentication/plaintext-password/node.def
+++ b/templates/system/login/user/node.tag/authentication/plaintext-password/node.def
@@ -8,3 +8,5 @@ update:expression: $VAR(@) == "" \
 || ($VAR(../encrypted-password/@) \
       = `/usr/bin/mkpasswd --method=sha-512 '$VAR(@)' | tr -d \\\\n` \
     && $VAR(@) = "")
+
+delete:expression: $VAR(@) = ""
\ No newline at end of file