Finaly, i found the problem and i could solve it. SHA-256 is too weak to make a password hash, this is why on first login we need to change password always.

Please fix it in Yocto manual ( https://docs.yoctoproject.org/singleindex.html#term-EXTRA_USERS_PARAMS ). When i set it to generate sha512crypt hash it works fine, there are no any change request on first login.