On Wednesday, March 20, 2019 at 5:48:32 PM UTC-4, Simon Clubley wrote: > > I wonder if this one removes the ability to set a new password > without knowing the old password or whether suitably privileged > users can override this. > AUTHORIZE has never called the password policy hooks and still doesn't.