At authentication time, if the following three conditions are met, user authentication is bypassed.
1. Allow-NULL-Password environment variable is set to TRUE.
2. The User-Password or CHAP-Password must be NULL in the incoming request. (If it is not NULL,
normal password checking will occur.)
3. A user record exists for this user.
More details about this is given in the link.
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cnsar/3_0/users/wireless.pdf