>>	pls try etc/security revision 1.77.
>imho, checking the length is better...unless you wanna make sturdier
>regular expressions that contrain the length and content of the
>password strings.  this
>                    $2 !~ /\$1/ &&
>                    $2 !~ /\$2/ &&
>is a little redundant (the 1 and the 2 could just be tossed into a
>character class) and it just makes sure the password strings contain
>$! or $2, but makes no insistence on where it occurs or how the rest
>of the string is formed.

	they are corrected to:
                    $2 !~ /^\$1/ &&
                    $2 !~ /^\$2/ &&

itojun