Mass password changes for Sarbanes-Oxley

by ryan wise -
Number of replies: 1
While Sarbanes-Oxley doesn't require regular password changes, many of the auditing firms involved in Sarbanes-Oxley compliance are pushing this.

Having used Moodle in such a corporate environment, I was asked whether we could get things set up so that users would be forced to periodically change their passwords, whether we could require a certain level of complexity, etc. (like must contain both letters and numbers).

I was wondering if anyone's considered a mass version of the 'change password on next login' feature and a 'mandatory level of password complexity' feature.

In reply to ryan wise

Re: Mass password changes for Sarbanes-Oxley

by Martín Langhoff -
There's some support for password changes in the Auth/LDAP plugin. Usually discussed in the User Authentication forum :-) Enterprise environments are likely to have an LDAP or AD server, which will take care of their internal rules for password changes, password complexity, etc.

If you want to implement it with custom business rules and you're not using LDAP, just add a little bit of code in admin/cron.php to add the flags to force change password to the relevant users.

On the complexity side, PHP does have a cracklib integration -- it'd be a relatively simple endeavour to add complexity requirements with cracklib. Take a look at http://nz.php.net/crack

cheers!
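
The two features discussed in this thread, a scheduled pass that flags accounts for a forced password change and a letters-plus-numbers complexity rule, sketched as an added example; it is not Moodle code and not from either poster. The record fields `passwordchanged` and `forcechange`, the 90-day age and the 8-character minimum are assumptions, and plain pattern checks stand in for a cracklib dictionary check.

```php
<?php
// Added example, not Moodle code. Field names and policy values are assumptions.
const MAX_PASSWORD_AGE_DAYS = 90; // assumed policy value
const MIN_PASSWORD_LENGTH   = 8;  // assumed policy value

/** Return the list of policy violations; an empty array means the password passes. */
function password_policy_errors(string $password, string $username): array {
    $errors = [];
    if (strlen($password) < MIN_PASSWORD_LENGTH) {
        $errors[] = 'too short';
    }
    if (!preg_match('/[A-Za-z]/', $password)) {
        $errors[] = 'no letter';
    }
    if (!preg_match('/[0-9]/', $password)) {
        $errors[] = 'no digit';
    }
    // Reject passwords that embed the account name, ignoring case.
    if ($username !== '' && stripos($password, $username) !== false) {
        $errors[] = 'contains username';
    }
    return $errors;
}

/** Cron-style pass: ids of users whose password is too old and who are not yet flagged. */
function users_to_flag(array $users, int $now): array {
    $cutoff = $now - MAX_PASSWORD_AGE_DAYS * 86400;
    $ids = [];
    foreach ($users as $u) {
        // A missing timestamp counts as expired, so unknown accounts fail closed.
        $changed = $u['passwordchanged'] ?? 0;
        if (!$u['forcechange'] && $changed < $cutoff) {
            $ids[] = $u['id'];
        }
    }
    return $ids;
}

// Constructed sample records: recent, stale, never recorded, already flagged.
$now = strtotime('2024-06-01 00:00:00 UTC');
$users = [
    ['id' => 1, 'passwordchanged' => strtotime('2024-05-01 UTC'), 'forcechange' => false],
    ['id' => 2, 'passwordchanged' => strtotime('2024-01-15 UTC'), 'forcechange' => false],
    ['id' => 3, 'passwordchanged' => null, 'forcechange' => false],
    ['id' => 4, 'passwordchanged' => strtotime('2023-11-01 UTC'), 'forcechange' => true],
];
print_r(users_to_flag($users, $now));
print_r(password_policy_errors('moodle', 'ryan'));
print_r(password_policy_errors('Tr4ining-room', 'ryan'));
```

The same complexity check has to run wherever a password can be set, not only on the forced-change form, or the rule can be bypassed through another entry point.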