diff --git a/settings.json.template b/settings.json.template
index 27d605c98..5f94d3ada 100644
--- a/settings.json.template
+++ b/settings.json.template
@@ -50,6 +50,9 @@
 * 2) Beware of undefined variables and default values: nulls and empty strings
 * are different!
 *
+ * This is particularly important for user's passwords (see the relevant
+ * section):
+ *
 * "password": "${PASSW}" // if PASSW is not defined would result in password === null
 * "password": "${PASSW:}" // if PASSW is not defined would result in password === ''
 *
@@ -358,12 +361,14 @@
 /*
 "users": {
 "admin": {
- // "password" can be replaced with "hash" if you install ep_hash_auth
+ // 1) "password" can be replaced with "hash" if you install ep_hash_auth
+ // 2) please note that if password is null, the user will not be created
 "password": "changeme1",
 "is_admin": true
 },
 "user": {
- // "password" can be replaced with "hash" if you install ep_hash_auth
+ // 1) "password" can be replaced with "hash" if you install ep_hash_auth
+ // 2) please note that if password is null, the user will not be created
 "password": "changeme1",
 "is_admin": false
 }
diff --git a/src/node/utils/Settings.js b/src/node/utils/Settings.js
index 23a792ffd..1b2c22109 100644
--- a/src/node/utils/Settings.js
+++ b/src/node/utils/Settings.js
@@ -629,6 +629,27 @@ exports.reloadSettings = function reloadSettings() {
 console.info(`Using skin "${exports.skinName}" in dir: ${skinPath}`);
 }
+ if (exports.users) {
+ /*
+ * Prune from export.users any user that has no password attribute, or whose
+ * password attribute is "null".
+ *
+ * This is used by the settings.json in the default Dockerfile to eschew
+ * creating an admin user if no password is set.
+ */
+ var filteredUsers = _.filter(exports.users, function(user, username) {
+ if ((user.hasOwnProperty("password")) || user.password !== null) {
+ return true;
+ }
+
+ console.warn(`The password for ${username} is null. This means the user must not be created. Removing it.`);
+
+ return false;
+ });
+
+ exports.users = filteredUsers;
+ }
+
 if (exports.abiword) {
 // Check abiword actually exists
 if (exports.abiword != null) {
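Review bot: The filter predicate in the `if (exports.users)` block can never return false: `user.hasOwnProperty("password") || user.password !== null` is true both for an entry with `"password": null` (it owns the property) and for one with no password at all (`undefined !== null`), so the null-password admin that the Docker settings are meant to skip stays in `exports.users`. Separately, `_.filter` over an object returns an array of its values, so the assignment replaces the username-keyed map with a list, and any lookup by username elsewhere (not visible in this hunk) would presumably stop finding configured users. The rewrite below drops only entries whose password is explicitly null and keeps the object shape; it leaves entries without a `password` key alone, because settings.json.template allows `"hash"` in its place, so the block comment should be narrowed to match. reloadSettings starts before this hunk and continues after it.

```javascript
// … unchanged: block comment describing the pruning …
Object.keys(exports.users).forEach(function(username) {
  // Entries without a "password" key may authenticate another way (e.g. "hash"); drop only an explicit null.
  if (exports.users[username].password !== null) {
    return;
  }

  console.warn(`The password for ${username} is null. This means the user must not be created. Removing it.`);
  delete exports.users[username];
});
```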