>	pls try etc/security revision 1.77.

imho, checking the length is better...unless you wanna make sturdier
regular expressions that contrain the length and content of the
password strings.  this

                    $2 !~ /\$1/ &&
                    $2 !~ /\$2/ &&

is a little redundant (the 1 and the 2 could just be tossed into a
character class) and it just makes sure the password strings contain
$! or $2, but makes no insistence on where it occurs or how the rest
of the string is formed.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."