Right now a default root user is created on startup.
Ideally there would initially be no user, and the administrator would some privileged back-channel to create the first user.