Currently there are fifty bazillion password change modules in Usermin, Webmin and Virtualmin and everything in between.
They all differ in validation options (length, complexity), etc.
They all SUCK. Extremely badly. Take it from me, I know enough about how these modules work to have jailed them and created a system where they can't do any damage. But I won't get into that.
Anyway, here's the idea:
* Roll them all into a single codebase, a single authentication/password-writing module, configured in ONE place, where admins can set up PAM chains for strength checking with things like pam_cracklib, and show the user the output of cracklib if it failed. Don't accept weak passwords.
You don't have to spend a single second coding password strength verification systems. Just leverage PAM modules. Let users configure the PAM options, run the password through it, and display the resulting warnings. Only write passwords to /etc/shadow (or the webmin user-store) if the password passed PAM validation.
This updated module would be responsible for hashing the accepted passwords too, writing passwords to disk using SHA512 hashes by default.
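
A sketch of the gate proposed above, added here as an example; it is not Webmin code and not part of the original post. It assumes the `cracklib-check` command-line tool as a stand-in for a configured PAM chain and `openssl passwd -6` for the SHA-512 crypt hash, and the function names are hypothetical.

```python
import subprocess
from typing import Callable, Optional, Tuple

def parse_cracklib_line(line: str) -> Tuple[bool, str]:
    # cracklib-check prints "<candidate>: <verdict>". Keep only the verdict so
    # the candidate password is never echoed back into a page or a log.
    verdict = line.rstrip("\n").rpartition(": ")[2]
    return verdict == "OK", verdict

def cracklib_check(password: str) -> Tuple[bool, str]:
    # Assumption: the cracklib-check CLI stands in for the PAM password stack.
    # The candidate goes in on stdin, never on argv, so it cannot show up in ps.
    out = subprocess.run(["cracklib-check"], input=password + "\n",
                         capture_output=True, text=True, check=True).stdout
    return parse_cracklib_line(out.splitlines()[0])

def sha512_crypt(password: str) -> str:
    # "openssl passwd -6" emits a $6$ (SHA-512 crypt) string with a random salt.
    out = subprocess.run(["openssl", "passwd", "-6", "-stdin"],
                         input=password + "\n", capture_output=True,
                         text=True, check=True).stdout
    return out.strip()

def change_password(
    password: str,
    check: Callable[[str], Tuple[bool, str]] = cracklib_check,
    hasher: Callable[[str], str] = sha512_crypt,
) -> Tuple[Optional[str], str]:
    """Return (hash_or_None, message). A hash exists only if the check passed."""
    # Both helper tools read one line, so an embedded newline would mean only
    # the first line gets strength-checked. Refuse such input outright.
    if not password or any(c in password for c in "\n\r\0"):
        return None, "password is empty or contains control characters"
    ok, verdict = check(password)
    if not ok:
        return None, verdict   # show this to the user; nothing gets hashed
    return hasher(password), "OK"
```

The caller writes the returned hash to /etc/shadow (or the Webmin user store) only when the first element is not `None`, and otherwise shows the message to the user.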