subjectManager.createPrincipal(subjectManager.getOverlord(), new_user.getName(), "my-password");
assert subjectManager.isUserWithPrincipal(new_user.getName());
// make sure it was persisted and you can actually login with it
assert new_user.getId() != 0;
Subject login_new_user = subjectManager.loginUnauthenticated(new_user.getName());
assert login_new_user.equals(new_user);
new_user = login_new_user; // login_new_user was given a new session ID
subjectManager.changePassword(new_user, new_user.getName(), "my-new-password");
subjectManager.changePassword(rhqadmin, new_user.getName(), "my-new-password"); // see that rhqadmin can change it too