In the graphical install, when selecting the password for a non-root user, too short passwords are accepted. In the text mode install, a too short password for a non-root user won't be accepted, and I think that this inconsistensy suggests that the behavior in the graphical install is a bug. My suggestion is that too short user passwords won't be accepted in the graphical install either, and the "Next" button greyed out and the text "Password too short." displayed, as when one enters a too short root password. This would greatly improve security for users that do not understand the security consequences of short passwords.
Will be added to future issues to address.
I agree. This issue is now fixed in CVS. Brock, please test and verify that the fix works.
verified non-root users now have a six character passwd minimum ...