I'd love to see support for the use of cracklib, where the Admin can define the password criteria on a per-domain basis, in a simple screen...
# of Upper Case characters:
# of Lower Case characters:
# of Number characters:
# of Non-AlphaNumeric characters:
Hmmm... duration would also require Cron support I guess... and also the ability to send email notifications (similar to Quota notifications) so the user knows when they need to change it - maybe even with a link to a secure change password page so if they let it expire, they can still go change it without having to call support...