diff --git a/src/etc/one-context.d/loc-20-set-username-password b/src/etc/one-context.d/loc-20-set-username-password
index d2a196f..0bb8226 100755
--- a/src/etc/one-context.d/loc-20-set-username-password
+++ b/src/etc/one-context.d/loc-20-set-username-password
@@ -24,11 +24,14 @@ if ! getent passwd "${USERNAME}" > /dev/null 2>&1; then
 useradd -m "${USERNAME}"
 fi
-if [ "${GRANT_SUDO}" == "YES" -a "${USERNAME}" != "root" ]; then
- if [ ! -f /etc/sudoers.d/${USERNAME} ]; then
- echo "${USERNAME} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/${USERNAME}
- chmod 644 /etc/sudoers.d/${USERNAME}
- fi
+GRANT_SUDO=${GRANT_SUDO:-YES}
+GRANT_SUDO=$(echo "${GRANT_SUDO}" | tr '[:lower:]' '[:upper:]')
+
+if [ "${GRANT_SUDO}" == "YES" ] && [ "${USERNAME}" != "root" ]; then
+ echo "${USERNAME} ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/one-context
+ chmod 0440 /etc/sudoers.d/one-context
+elif [ -f /etc/sudoers.d/one-context ]; then
+ unlink /etc/sudoers.d/one-context
 fi
 if [ -n "${CRYPTED_PASSWORD_BASE64}" ]; then
@@ -37,8 +40,24 @@ if [ -n "${CRYPTED_PASSWORD_BASE64}" ]; then
 elif [ -n "${PASSWORD_BASE64}" ]; then
 PASSWORD=$(echo $PASSWORD_BASE64 | base64 -d)
 chpasswd <<< "${USERNAME}:${PASSWORD}"
+
+ if [ $? -ne 0 ]; then
+ passwd "${USERNAME}" <
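Review bot: `USERNAME` is written into `/etc/sudoers.d/one-context` unvalidated and through a plain redirect in the new `if` branch of the first hunk, so the file briefly exists with a umask-derived mode before `chmod 0440`, and a malformed name can yield a drop-in that sudo refuses to parse or that grants something other than intended. Writing to a `mktemp` file, checking it with `visudo -cf` (a syntax check only, so a pattern check on the name is still worthwhile) and installing it with mode 0440 in one step closes both gaps, as sketched below. Separately, the `elif` branch removes only `one-context`; a `/etc/sudoers.d/${USERNAME}` file left by the previous version of this script would survive `GRANT_SUDO=NO` unless it is cleaned up elsewhere. The new `GRANT_SUDO=${GRANT_SUDO:-YES}` default also grants passwordless sudo whenever the variable is unset, which deserves a comment if it is intended.

```shell
if [ "${GRANT_SUDO}" == "YES" ] && [ "${USERNAME}" != "root" ]; then
    # mktemp creates the file with owner-only permissions, so there is no
    # window in which the rule is readable under a wider mode.
    SUDOERS_TMP=$(mktemp)
    echo "${USERNAME} ALL=(ALL) NOPASSWD:ALL" >"${SUDOERS_TMP}"
    # Only install a drop-in that sudo can parse; a broken file in
    # /etc/sudoers.d can make sudo unusable for every account.
    if visudo -cf "${SUDOERS_TMP}" >/dev/null 2>&1; then
        install -m 0440 "${SUDOERS_TMP}" /etc/sudoers.d/one-context
    else
        echo "one-context: refusing to install invalid sudoers entry" >&2
    fi
    rm -f "${SUDOERS_TMP}"
# … unchanged: elif branch that unlinks /etc/sudoers.d/one-context …
```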