Possibly it will vary by distro, but I expect most distros have a /etc/login.defs file, which goes along with the Shadow Password suite. Inside my file, I see this:
Code:
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
I would begin by setting that value as you wish. Of course, we don't need to tell you that a 4 character password would be VERY relatively easy to crack, so hopefully this is not for a root account or production machine, right?