oitable bug. Also, these tools can be accessible in 
cases that the terminal is not - e.g. in locked down kiosks.
A lot of /r/confidentlyincorrect material in that thread. It doesn't 
appear to be distribution specific. I checked the Ubuntu and Debian 
accountsservice packages, and both set the same polkit policy as Arch, 
and probably both will show the same behavior. It has nothing to do 
with sudo, unless you have passwordless sudo turned on.

Given that the KDE bug is confirmed, there seems to be agreement that 
this behavior is undesirable, but nobody knows the right way to fix it 
yet. https://bugs.kde.org/show_bug.cgi?id=378984

One of the KDE developers seems to have tried to get it fixed in 
polkit: https://bugs.freedesktop.org/show_bug.cgi?id=97518

But polkit declined to take the patch since *as submitted* it would 
allow the user to bypass admin-set password sanity rules (e.g. must 
have a certain level of complexity). It looked like they would accept a 
followup patch to enforce these rules, but nobody submitted one.

You can change the policy yourself with a polkit rule:

polkit.addRule(function(action, subject) {
    if ((action.id == "org.freedesktop.accounts.change-own-password")) {
        return polkit.Result.AUTH_SELF;
    }
});

I tested this and can confirm it works in KDE + Arch.
Cheers,
LilianeChange user password in KDE settings: root authorisation requested"Liliane Fontenot" <liliane@liliane.io> undefinedarch-general@lists.archlinux.org undefined‚S‚śg