I believe this feature is working as intended. For example, when you set:
unique_last_password_count = 2
you get an exception if you try to change your password to the same password. It's correct because the value "2" is counting both the old password and "new" one you are trying to change it to.
However, you are correct in that this value is greater than the history of "used" passwords being stored, since we are counting the "new" password being changed as part of the total unique passwords. I wonder if the "last" part of "unique_last_password_count" is the confusing bit here, perhaps this config value could be changed to "unique_password_count" instead? The message for the exception is slightly confusing in this regard too, could change "...number of previous passwords..." to "...number of passwords..."
I believe this feature is working as intended. For example, when you set:
unique_ last_password_ count = 2
you get an exception if you try to change your password to the same password. It's correct because the value "2" is counting both the old password and "new" one you are trying to change it to.
However, you are correct in that this value is greater than the history of "used" passwords being stored, since we are counting the "new" password being changed as part of the total unique passwords. I wonder if the "last" part of "unique_ last_password_ count" is the confusing bit here, perhaps this config value could be changed to "unique_ password_ count" instead? The message for the exception is slightly confusing in this regard too, could change "...number of previous passwords..." to "...number of passwords..."