Changes a user's password to an automatically generated one which is printed to stdout. The user must already exist.
Use zato sso change-user-password if you would like to control what password will be set for user.
The auto-generated password is 192-bit strong. Data comes from a strong cryptographic source using Python's os.urandom function.
The password is printed to stdout once only and it is not possible to retrieve it afterwards.
Optionally, sets a non-default expiry for password or a flag to force the user to change the password on next login.
The absence of --must-change means that its existing value will not be changed - for instance, if the flag is already true in the database and it was not given on input, it will continue to be true.