I think i know where your confusion stems from.
The computer doesn't care at all whether the character is either a '!' or '*' or '%'
it all means the same: 'disable password login'
The difference is there only for the convenience of the sysadmin.
(and for some tools, but i come back to that later)
sysadmins agreed on the use of this symbols to communicate with one another:
'!' to remind himself and his collegues that he disabled the login on pupose
'*' to remind himself and his collegues that a login would make no sense to have on this account (because it belongs to a daemon c.q. system service).
Again, the computer couldn't care less. Both symbols have exactly the same meaning for the computer, both just disable passwordlogin and nothing more.
Try this for yourself:
The admintool passwd -l
, explicitly uses the '!' to disable/enable login of users
this tool is pretty singleminded and braindead about it.
Let's see what it does on daemons which already have disabled passwordlogin
Let's use it, for instance, on the avahi-daemon:
avahi:*:18667:0:99999:7:::
sudo passwd -l avahi
and it leads to this
avahi:!*:18667:0:99999:7:::
Yes, very straightforward indeed
As you can see, it it not even critical. The system doesn't care at all
repeat the command to get it back to what it was
avahi:*:18667:0:99999:7:::
( b.t.w. What we immediately can learn from this is that passwd -l
can never enable passwordlogin for a daemon because it only manipulates the '!' but leaves the rest intact )