diff --git a/config-joey.hs b/config-joey.hs index b41af4a..c1eb0a2 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -57,8 +57,7 @@ testvm = host "testvm.kitenet.net" & os (System (Debian Unstable) "amd64") & OS.cleanInstallOnce (OS.Confirmed "testvm.kitenet.net") `onChange` propertyList "fixing up after clean install" - [ User.shadowConfig True - , OS.preserveRootSshAuthorized + [ OS.preserveRootSshAuthorized , OS.preserveResolvConf , Apt.update , Grub.boots "/dev/sda" diff --git a/debian/changelog b/debian/changelog index 7ee1198..4bb387c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -21,6 +21,8 @@ propellor (1.1.0) UNRELEASED; urgency=medium * hasSomePassword and hasPassword now default to using the name of the host as the Context for the password. To specify a different context, use hasSomePassword' and hasPassword' (API change) + * hasSomePassword and hasPassword now check to make sure shadow passwords + are enabled. * cron.runPropellor now runs propellor, rather than using its Makefile. This is more robust. * propellor.debug can be set in the git config to enable more persistent diff --git a/src/Propellor/Property/Debootstrap.hs b/src/Propellor/Property/Debootstrap.hs index 35d9e47..b4fd265 100644 --- a/src/Propellor/Property/Debootstrap.hs +++ b/src/Propellor/Property/Debootstrap.hs @@ -2,7 +2,9 @@ module Propellor.Property.Debootstrap ( Url, DebootstrapConfig(..), built, + built', installed, + sourceInstall, programPath, ) where 
@@ -54,11 +56,14 @@ toParams (c1 :+ c2) = toParams c1 <> toParams c2 -- Note that reverting this property does not stop any processes -- currently running in the chroot. built :: FilePath -> System -> DebootstrapConfig -> RevertableProperty -built target system@(System _ arch) config = +built = built' (toProp installed) + +built' :: Property -> FilePath -> System -> DebootstrapConfig -> RevertableProperty +built' installprop target system@(System _ arch) config = RevertableProperty setup teardown where setup = check (unpopulated target <||> ispartial) setupprop - `requires` toProp installed + `requires` installprop teardown = check (not <$> unpopulated target) teardownprop diff --git a/src/Propellor/Property/OS.hs b/src/Propellor/Property/OS.hs index 30f8c4b..22414bb 100644 --- a/src/Propellor/Property/OS.hs +++ b/src/Propellor/Property/OS.hs @@ -45,8 +45,7 @@ import Control.Exception (throw) -- > & os (System (Debian Unstable) "amd64") -- > & cleanInstallOnce (Confirmed "foo.example.com") -- > `onChange` propertyList "fixing up after clean install" --- > [ User.shadowConfig True --- > , preserveNetworkInterfaces +-- > [ preserveNetworkInterfaces -- > , preserveResolvConf -- > , preserverRootSshAuthorized -- > , Apt.update 
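Review bot: `built'` is exported by this commit but has no Haddock comment. The existing comment block above `built` (ending "does not stop any processes currently running in the chroot") still documents only `built`. I would add `-- | Like 'built', but uses the provided Property to install debootstrap.` above the `built'` signature and repeat there that reverting does not stop processes running in the chroot. The `where` clause continues past the end of the hunk, so `setupprop`, `teardownprop` and `ispartial` are not visible here.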
@@ -78,9 +77,19 @@ cleanInstallOnce confirmation = check (not <$> doesFileExist flagfile) $ (Just d@(System (Debian _) _)) -> debootstrap d (Just u@(System (Ubuntu _) _)) -> debootstrap u _ -> error "os is not declared to be Debian or Ubuntu" - debootstrap targetos = ensureProperty $ toProp $ - Debootstrap.built newOSDir targetos Debootstrap.DefaultConfig + debootstrap targetos = ensureProperty $ toProp $ + -- Ignore the os setting, and install debootstrap from + -- source, since we don't know what OS we're running in yet. + Debootstrap.built' Debootstrap.sourceInstall + newOSDir targetos Debootstrap.DefaultConfig + -- debootstrap, I wish it was faster.. + -- TODO eatmydata to speed it up + -- Problem: Installing eatmydata on some random OS like + -- Fedora may be difficult. Maybe configure dpkg to not + -- sync instead? + + -- This is the fun bit. flipped = property (newOSDir ++ " moved into place") $ liftIO $ do -- First, unmount most mount points, lazily, so -- they don't interfere with moving things around. @@ -173,7 +182,7 @@ confirmed desc (Confirmed c) = property desc $ do -- | /etc/network/interfaces is configured to bring up all interfaces that -- are currently up, using the same IP addresses. preserveNetworkInterfaces :: Property -preserveNetworkInterfaces = undefined +preserveNetworkInterfaces = undefined -- TODO -- | /etc/resolv.conf is copied the from the old OS preserveResolvConf :: Property diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs index ccb69b2..5c8e768 100644 --- a/src/Propellor/Property/User.hs +++ b/src/Propellor/Property/User.hs 
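Review bot: Nothing in this diff shows how `sourceInstall` obtains or checks the debootstrap source that `Debootstrap.built' Debootstrap.sourceInstall newOSDir targetos Debootstrap.DefaultConfig` relies on. That matters because the tool it installs populates the directory that is later moved into place as the root filesystem. If `sourceInstall` downloads an archive, it should verify a pinned checksum or signature before unpacking, since the result presumably runs as root on a host whose OS is not yet known. A comment at the call site would record that dependency, for example `-- sourceInstall must verify its download; whatever it installs builds the new root filesystem.` The body of `cleanInstallOnce` starts before this hunk and continues after it.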
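Review bot: `preserveNetworkInterfaces = undefined -- TODO` is still bottom, so any host configuration that includes it throws when the property is evaluated. The module's own Haddock example (the `-- > [ preserveNetworkInterfaces` line changed earlier in this file) now lists it first among the fixups that run after the clean install. A failure at that point could presumably leave the freshly flipped system without the remaining fixups, such as the preserved root SSH keys. Until it is implemented I would make it fail cleanly with `preserveNetworkInterfaces = property "preserve network interfaces (not implemented)" (return FailedChange)`, or drop it from the example.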
@@ -44,13 +44,15 @@ hasPassword user = property (user ++ "has password") $ do ensureProperty $ hasPassword' user (Context hostname) hasPassword' :: UserName -> Context -> Property -hasPassword' user context = withPrivData (Password user) context $ \getpassword -> - property (user ++ " has password") $ - getpassword $ \password -> makeChange $ - withHandle StdinHandle createProcessSuccess - (proc "chpasswd" []) $ \h -> do - hPutStrLn h $ user ++ ":" ++ password - hClose h +hasPassword' user context = go `requires` shadowConfig True + where + go = withPrivData (Password user) context $ \getpassword -> + property (user ++ " has password") $ + getpassword $ \password -> makeChange $ + withHandle StdinHandle createProcessSuccess + (proc "chpasswd" []) $ \h -> do + hPutStrLn h $ user ++ ":" ++ password + hClose h lockedPassword :: UserName -> Property lockedPassword user = check (not <$> isLockedPassword user) $ cmdProperty "passwd"
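Review bot: `hPutStrLn h $ user ++ ":" ++ password` in `go` writes the privdata value to chpasswd unchecked. A password containing a newline is cut at the first line, and whatever follows is read by chpasswd as a further `user:password` entry; a `:` in `user` would shift the field boundary in the same way. Passing the secret over stdin rather than on the command line is worth keeping. What is missing is rejecting those inputs before the handle is opened, for example `if elem '\n' password then return FailedChange else makeChange $ ...` inside the `getpassword` callback. It would also help to give `hasPassword'` a Haddock line saying that it now turns shadow passwords on via `shadowConfig True`, since callers get that side effect implicitly.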