> well i was thinking that since we provide a way to check a password
> against a policy, it might be desired to use this api exclusively
> when doing so, making the code look like:
> 
> 	if (policy_is_not_loaded)
> 		load alternate policy;
> 	check with pw_policy_test();
> 
> ...which might prove to be easier to do in some cases (i think).

does really "alternate policy" need to be application specific?

> would it be possible to avoid memory allocation and just typedef
> the struct? (say, pw_policy_t)

IMO, hiding implementation details is a good enough reason to use malloc.

YAMAMOTO Takashi