Description
TODO
If a user has multiple accounts, trying to associate with the same IUCAS account ends up basically logging in as the user account that's already associated with the IU CAS account.
iucas/register_newuser. If the uid is already registered, instead of vetoing, forward the user to a special login page and, once logged in successfully, associate the IUCAS IU to the user account
Make sure only root (or allowed group of users) can issue token via CLI
Allow admin to reset password via administration/users page
Allow user to reset his/her own password
Allow admin to remove account (what should happen to profile and cached profile on other services?)
Add event table logging all authentication-related events (change password, etc.)
Don't let user disconnect account if there is only 1 account left that's associated with it
Implement password locking mechanism after repeated failed attempts (not necessary because we delay failed password retry?)