Index: jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd
===================================================================
--- jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd	(revision 1469826)
+++ jackrabbit-core/src/main/resources/org/apache/jackrabbit/core/nodetype/builtin_nodetypes.cnd	(working copy)
@@ -603,7 +603,7 @@
   - rep:impersonators (STRING) protected multiple
 
 [rep:User] > rep:Authorizable, rep:Impersonatable
-  - rep:password (STRING) protected mandatory
+  - rep:password (STRING) protected
   - rep:disabled (STRING) protected
 
 [rep:Group] > rep:Authorizable
Index: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
===================================================================
--- jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java	(revision 1469826)
+++ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java	(working copy)
@@ -737,7 +737,12 @@
      */
     void setPassword(NodeImpl userNode, String password, boolean forceHash) throws RepositoryException {
         if (password == null) {
-            throw new IllegalArgumentException("Password may not be null.");
+            if (userNode.isNew()) {
+                // allow creation of system-only users with 'null' passwords that cannot login
+                return;
+            } else {
+                throw new IllegalArgumentException("Password may not be null.");
+            }
         }
         String pwHash;
         if (forceHash || PasswordUtility.isPlainTextPassword(password)) {
Index: jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateUserTest.java
===================================================================
--- jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateUserTest.java	(revision 1469826)
+++ jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateUserTest.java	(working copy)
@@ -151,16 +151,10 @@
         }
     }
 
-    public void testCreateUserWithNullPassword() throws RepositoryException {
-        try {
-            Principal p = getTestPrincipal();
-            User user = createUser(p.getName(), null);
-            createdUsers.add(user);
-
-            fail("A User cannot be built with 'null' password");
-        } catch (Exception e) {
-            // ok
-        }
+    public void testCreateUserWithNullPassword() throws RepositoryException, NotExecutableException {
+        Principal p = getTestPrincipal();
+        User user = createUser(p.getName(), null);
+        createdUsers.add(user);
     }
 
     public void testCreateUserWithEmptyPassword() throws RepositoryException, NotExecutableException {