Though we have the acl genpass [bits] command to aid in the generation of strong passwords, it would be useful for a security administrator to create a login with only an initial password; at next login, the requisite team member would be forced to change it.
This will ensure that security administrators aren't aware of any passwords which they need not know, maintaining better separation of duties.
Thank you.