OTOH, by strictly interpreting the way its use is discussed in the
it should only apply to attempts by "self" to modify the password, so a
modification performed by a different identity (provided ACLs permit it)
should not be affected.
Yes, that's my understanding too.