disable KADM5_PASS_REUSE error case?

[Nico Williams]

Remember, policies are now extensible.  So you could add a bit in the
*policy* that says that it's OK for a user to change the password to
one used previously.  OR, we might extend *principals* to say this.
Chris' use case is for password resets, so setting a flag in the
principal when resetting its password, then resetting that flag upon
password change would suffice.