This patch exports a new option, `password_next_logon`, which determines
what will happen at the next logon in certain conditions. The option
can accept three possible arguments: `always`, which forces the user
to change the password at next logon, 'no', which doesn't change anything
and `clear_text_injected_only`, which forces the user to change the password
at the next logon if the password comes in clear text from the metadata.
Change-Id: Ic6a0526ea9c9902e183898c42497133a135b5c53
47e52e2e34