I meant that the rules I propose combined with a minimum length (be it 6 or
8 characters) should suffice.
Together with a policy that does history checking, lockouts and expiration
we would have a secure enterprise setting, right?
Off course I agree that fds should setup reasonable default values which
can be upgraded or downgraded by the directory admin.