There is another reason I forgot about for creating a custom login creation script. In one environment I was in user accounts, host namespace, and other goodies were kept in a RDBMS. Several times a day the user namespace would be rebuilt using a query to determine new accounts and build them and then rebuild the /etc/password file, /etc/shadow file, NIS, or NIS+ whichever poison was being used in a particular "zone". The passwords were stored in the RDMS already encrypted and users changed their password by interacting with a client app instead of the usual "passwd" command.