Subject: re: security/10206 - proposed solution (concept)
To: None <tech-security@netbsd.org>
From: Elad Efrat <elad@NetBSD.org>
List: tech-security
Date: 08/17/2005 01:05:22

Hi,

I've written concept code, still work in progress, that allows an
admin to set a password policy in /etc/passwd.conf.

The current version has the following options when setting a policy:
minlen, maxlen, upper, lower, digits, punct.

minlen/maxlen - define the min. and max. length of the password. Zero
means no limit.
upper/lower/digits/punct - define what character sets are required to
be in the password. The first word should be ``yes'' or ``no''; an
optional argument can be in the form of ``N,M'', requiring at least
N characters of that class, but not more than M characters. Zero means
no limit here too.

An example entry in /etc/passwd.conf for at least 8 character passwords
combining both upper/lower case and digits can be:

policy:
  minlen = 8
  upper = yes
  lower = yes
  digits = yes

The code is available from
ftp://ftp.netbsd.org/pub/NetBSD/misc/elad/policy.c. It can very easily
be extended to support more policies. (for example, dictionary lists, if
people still care :)

Comments?

-e.

-- 
Elad Efrat
PGP Key ID: 0x666EB914
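
The following C is an added example, not the policy.c linked in the message: it parses a character-class value and checks a password against the options the message lists. The names (struct policy, parse_rule, policy_check), the whitespace between the first word and N,M, and the reading of "no" as "no constraint" are assumptions.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Every bound uses 0 for "no limit", as the message specifies. */
struct class_rule { int required; unsigned long min, max; };
struct policy { unsigned long minlen, maxlen;
                struct class_rule upper, lower, digits, punct; };

/* Parse "yes", "no" or "yes N,M"; returns 0 on success, -1 if malformed.
 * Assumption: whitespace separates the first word from N,M. */
int parse_rule(const char *v, struct class_rule *r)
{
    char *end;
    r->min = r->max = 0;
    if (strncmp(v, "yes", 3) == 0) { r->required = 1; v += 3; }
    else if (strncmp(v, "no", 2) == 0) { r->required = 0; v += 2; }
    else return -1;
    if (*v == '\0') return 0;                        /* no N,M argument */
    if (!isspace((unsigned char)*v)) return -1;      /* e.g. "yesx" */
    while (isspace((unsigned char)*v)) v++;
    if (!isdigit((unsigned char)*v)) return -1;      /* rejects "-1", "+2" */
    r->min = strtoul(v, &end, 10);
    if (*end != ',' || !isdigit((unsigned char)end[1])) return -1;
    r->max = strtoul(end + 1, &end, 10);
    return (*end == '\0' && (r->max == 0 || r->min <= r->max)) ? 0 : -1;
}

/* Assumption: "no" adds no constraint; a bare "yes" needs at least one. */
static int class_ok(const struct class_rule *r, unsigned long n)
{
    if (!r->required) return 1;
    return n >= (r->min ? r->min : 1) && (r->max == 0 || n <= r->max);
}

/* NULL if pw passes, else the name of the first option it violates. */
const char *policy_check(const struct policy *p, const char *pw)
{
    unsigned long len = strlen(pw), up = 0, lo = 0, di = 0, pu = 0;
    for (const unsigned char *c = (const unsigned char *)pw; *c; c++) {
        up += isupper(*c) != 0; lo += islower(*c) != 0;
        di += isdigit(*c) != 0; pu += ispunct(*c) != 0;
    }
    if (p->minlen && len < p->minlen) return "minlen";
    if (p->maxlen && len > p->maxlen) return "maxlen";
    if (!class_ok(&p->upper, up)) return "upper";
    if (!class_ok(&p->lower, lo)) return "lower";
    if (!class_ok(&p->digits, di)) return "digits";
    if (!class_ok(&p->punct, pu)) return "punct";
    return NULL;
}
```

Returning the name of the failing option lets the caller tell the user which rule the rejected password broke.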