Password enforcement should require provide current current password when changing password
|Assigned To:||Dominik Hlavac Duran|
|Target version:||Team Marek Iteration 5|
|Found in release:||Pull request:||https://github.com/theforeman/foreman/pull/3921|
|Velocity based estimate||-|
In Satellite, password can be changed without providing the previous one. This means one can change the password of other users in the same group.
We need to mandate that the current password be used when attempting to change to a new password.
We need to ensure that the password change activity is logged (password obscured)