Extending password restrictions

The rules used by the password program to accept or reject passwords (the password composition restrictions) can be extended by system administrators to provide site-specific restrictions.

Restrictions are extended by adding methods, which are called during a password change. The pwdchecks attribute in the /etc/security/user file specifies the methods called.

The AIX® Version 6.1 Technical Reference contains a description of pwdrestrict_method, the subroutine interface to which specified password restriction methods must conform. To correctly extend the password composition restrictions, the system administrator must program this interface when writing a password-restriction method.

Use caution in extending the password-composition restrictions. These extensions directly affect the login command, the passwd command, the su command, and other programs. The security of the system could easily be subverted by malicious or defective code.
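A sketch of a site-specific method written against that interface, added here as an illustration and not taken from IBM's documentation. The four-argument signature, the 0/1/-1 return convention and the malloc'ed message freed by the caller are assumptions to verify against the Technical Reference; the banned-word list and the helpers contains_ci and reject are constructed for the example.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Case-insensitive substring search; returns 1 if needle occurs in hay. */
static int contains_ci(const char *hay, const char *needle)
{
    size_t n = strlen(needle);
    if (n == 0)
        return 0;
    for (; *hay; hay++) {
        size_t i = 0;
        while (i < n && hay[i] &&
               tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (i == n)
            return 1;
    }
    return 0;
}

/* Put a malloc'ed copy of text in *Message (assumed to be freed by the caller). */
static int reject(char **Message, const char *text)
{
    size_t len = strlen(text) + 1;
    *Message = malloc(len);
    if (*Message == NULL)
        return -1;              /* cannot report the reason: internal error */
    memcpy(*Message, text, len);
    return 1;
}

/* Assumed return convention: 0 = accept, 1 = reject, -1 = internal error. */
int pwdrestrict_method(char *UserName, char *NewPassword,
                       char *OldPassword, char **Message)
{
    static const char *banned[] = { "example", "winter" };  /* constructed site list */
    size_t i;

    if (UserName == NULL || NewPassword == NULL || Message == NULL)
        return -1;              /* bad input must never count as acceptance */
    *Message = NULL;
    if (contains_ci(NewPassword, UserName))
        return reject(Message, "Password must not contain your user name.\n");
    if (OldPassword != NULL && strcmp(NewPassword, OldPassword) == 0)
        return reject(Message, "Password must differ from the old one.\n");
    for (i = 0; i < sizeof banned / sizeof banned[0]; i++)
        if (contains_ci(NewPassword, banned[i]))
            return reject(Message, "Password contains a banned site word.\n");
    return 0;
}
```

The method never writes either password to a log or file and returns an error instead of 0 on any failure, which keeps a defect in the module from silently weakening login, passwd and su.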