masarati@aero.polimi.it wrote:

OTOH, by strictly interpreting the way its use is discussed in the draft, it should only apply to attempts by "self" to modify the password, so a modification performed by a different identity (provided ACLs permit it) should not be affected.

Yes, that's my understanding too.

Ciao, Michael.