Run this one on a server with local accounts:
What it does
It locks out every account by setting a locked password, destroying the original password in the process.
Why it works
-r options to
sed enables extended regular expressions, the
options edits inline.
The regular expression itself puts the username field in backreference 1, and
everything after the password in backreference 2. It then changes the line to
set the password to