I use Debian 3.0. I tried to restrict password length by adding in /etc/login.defs:
I rebooted the machine after making this change but it doesn't work. I can create a user with password length < 8 or > 12, and that new user can login without problem.

Although PAM is not enabled on the host, I edited /etc/pam.d/login and /etc/pam.d/passwd any way to include a line:
password required pam_unix.so nullok obscure min=8 max=12
I rebooted the machine after this change but it still doesn't work. Could someone give me any ideas how this should be done? Your help is very much appreciated.