ahem, i noticed some code changes
ok, if you say, that the complete password strength testing code has 
been moved to Horde_Auth, i'll give it a try

As you already noticed yourself, the complete code for password 
strength testing has been moved since then. A patch that can be 
applied to a 3 months old Git checkout doesn't help at all.

see the last paragraph of my first posting...

New features will only be accepted for Passwd H4. If you are willing 
to create a patch for that, we will look into that.

the patch implements the minDiff and the minNonAlpha policies, both of 
which are present and active in default solaris passwd command behaviour

I don't understand this patch. Why don't you simply configure the 
apropriate values in backends.local.php instead of hardcoding solaris 
values?

on solaris, default passwd policy is:
   minimum length = 6
   minimum alpha characters = 2
   minimum non-alpha (that is numeric and special) = 1
   minimum differences required between an old and a new password = 3

to match this, in my horde installation, i have made the following
obvious changes to passwd-h3-3.1.3/main.php :

======
--- main.php__dist      Sun Jul  5 19:13:32 2009
+++ main.php    Fri May 28 17:42:05 2010
@@ -101,10 +101,28 @@
          $notification->push(sprintf(_("Your new password is too 
long; passwords may not be more than %d characters long!"), 
$password_policy['maxLength']), 'horde.warning');
          break;
      }
+    if (isset($password_policy['minDiff'])) {
+        $n = strlen($new_password0);
+        $o = strlen($old_password);
+        if (isset($password_policy['maxLength']) && $o > 
$password_policy['maxLength']) {
+            $o = $password_policy['maxLength'];
+        }
+        if ( $n < $o ) { $k = $n; $d = $o - $n; }
+        else { $k = $o; $d = $n - $o; }
+        $i = 0;
+        while ($d < $password_policy['minDiff'] && $i < $k) {
+            if (substr($new_password0, $i, 1) != 
substr($old_password, $i, 1)) { $d++; }
+            $i++;
+        }
+        if ($d < $password_policy['minDiff']) {
+            $notification->push(sprintf(_("Your new password must 
have at least %d differences to your current password"), 
$password_policy['minDiff']), 'horde.warning');
+            break;
+        }
+    }

      // Disect the password in a localised way.
      $classes = array();
-    $alpha = $alnum = $num = $upper = $lower = $space = $symbol = 0;
+    $alpha = $nonalpha = $alnum = $num = $upper = $lower = $space = 
$symbol = 0;
      for ($i = 0; $i < strlen($new_password0); $i++) {
          $char = substr($new_password0, $i, 1);
          if (ctype_lower($char)) {
@@ -112,9 +130,9 @@
          } elseif (ctype_upper($char)) {
              $upper++; $alpha++; $alnum++; $classes['upper'] = 1;
          } elseif (ctype_digit($char)) {
-            $num++; $alnum++; $classes['number'] = 1;
+            $num++; $nonalpha++; $alnum++; $classes['number'] = 1;
          } elseif (ctype_punct($char)) {
-            $symbol++; $classes['symbol'] = 1;
+            $symbol++; $nonalpha++; $classes['symbol'] = 1;
          } elseif (ctype_space($char)) {
              $space++; $classes['symbol'] = 1;
          }
@@ -146,6 +164,11 @@
          $notification->push(sprintf(ngettext("Your new password must 
contain at least %d alphanumeric character.", "Your new password must 
contain at least %d alphanumeric characters.", 
$password_policy['minAlphaNum']), $password_policy['minAlphaNum']), 
'horde.warning');
          break;
      }
+    if (isset($password_policy['minNonAlpha']) &&
+        $password_policy['minNonAlpha'] > $nonalpha) {
+        $notification->push(sprintf(ngettext("Your new password must 
contain at least %d numeric or special character.", "Your new password 
must contain at least %d numeric or special characters.", 
$password_policy['minNonAlpha']), $password_policy['minNonAlpha']), 
'horde.warning');
+        break;
+    }
      if (isset($password_policy['minClasses']) &&
          $password_policy['minClasses'] > array_sum($classes)) {
          $notification->push(sprintf(_("Your new password must 
contain at least %d different types of characters. The types are: 
lower, upper, numeric, and symbols."), 
$password_policy['minClasses']), 'horde.warning');
======

using $backends['sudo_expect'], after configuring sudo as documented in
scripts/passwd_expect, this works on my solaris server(s).

well, i didn't bother localizing the messages, as we're running a pure
english installation...

i would love to see these changes in passwd-h4  (resp., in Horde_Auth, 
the code
seems to have moved there).

btw.,  for my horde4 test installation, i grabbed passwd from
git://github.com/horde/horde on july 20, and could apply the above
patch, and it works, using backends.local.php to disable hordesql,
enable sudo_expect, and set the 'password policy' parameters.