Nathan, Richard,

I meant that the rules I propose combined with a minimum length (be it 6 or 8 characters) should suffice.
 Together with a policy that does history checking, lockouts and expiration we would have a secure enterprise setting, right?
Off course I  agree that fds should setup reasonable default values which can be upgraded or downgraded by the directory admin.