Appendix 1 - Assessing the campus authentication environment
Does your campus have a centralized authentication service?
Do you sync passwords among several authentication systems
(e.g., Kerberos, NT, NetWare)?
Do you check passwords for resistance to cracking?
Do users have to change their passwords regularly?
If/when you observe compromised passwords (e.g., from a cracker's sniffer
log), do you invalidate the user's account? What procedure does a user
follow to get their account reinstated?
Do you have a policy about the use of the central ID/authentication system by
applications, e.g., that central admin systems must use these IDs?