don't allow use old password when change password

Description

at moment, when password expiate user must change password.
configuration CHANGE_PASSWORD_MUST_DIFFER don't allow user reuse old password
but after change password, user can reset password to old.
my idea change logic become DON"T_ALLOW_OLD_PASSWORD_FOR_PERIOD_OF_TIME
and admin can define num of day.
user can't reuse old password has age in this range.
example: define DON"T_ALLOW_OLD_PASSWORD_FOR_PERIOD_OF_TIME = 30
user can't reset to password has age < 30 day + expiate

other i thinks this configuration and USER_LOCKING_MAX_PASSWORD_AGE_DAY should move to Password Rules
wdyt?

Environment

None

Status

Assignee

Unassigned

Reporter

Hiep Lq

Labels

Tested By

None

Affects versions

Priority

Minor
Configure