>Of course, something like the "john" package I discovered in the Debian
>installer CDs would have been helpful to prevent that. "John" is run by
>the sysadmin, and it tries to crack user passwords and sends warning
>email to the sysadmin about users with easily-cracked passwords.
>Granted, the sysadmin was the weakest link, but still...

That would be John the Ripper, right? Although you may call it from the command line or cron with "john".

http://www.openwall.com/john/

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP LM hashes, plus several more with contributed patches.

John the Ripper is a part of Owl, Debian GNU/Linux, EnGarde Linux, Gentoo Linux, Mandrake Linux, and SuSE Linux. It is in the ports/packages collections of FreeBSD, NetBSD, and OpenBSD.

Brian Kelsay
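
The weak-password warning described in the quoted message, as an added example that is not part of the original message or of the Debian package: it parses `john --show` output for an unshadowed passwd file and builds the mail to the sysadmin without copying the cracked plaintexts. The sample lines, function names and admin address are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Constructed sample in the layout `john --show` prints for an unshadowed
# passwd file: the hash field is replaced by the cracked plaintext.
SAMPLE_SHOW_OUTPUT = """\
alice:sunshine:1001:1001:Alice Example:/home/alice:/bin/bash
bob:a:b:c:1002:1002:Bob Example:/home/bob:/bin/sh

2 password hashes cracked, 3 left
"""

SUMMARY = re.compile(r"^(\d+) password hash(?:es)? cracked, (\d+) left$")

def parse_show(text):
    """Return (accounts, cracked, left); plaintexts are discarded on parse."""
    accounts, cracked, left = [], 0, 0
    for line in text.splitlines():
        line = line.strip()
        m = SUMMARY.match(line)
        if m:
            cracked, left = int(m.group(1)), int(m.group(2))
            continue
        if line.count(":") < 6:
            continue  # blank or unrelated line
        login, rest = line.split(":", 1)
        # A cracked password may itself contain ':', so peel the five
        # trailing passwd fields off the right; the remainder is the secret.
        _secret, uid, _gid, _gecos, _home, shell = rest.rsplit(":", 5)
        accounts.append({"login": login, "uid": int(uid), "shell": shell})
    return accounts, cracked, left

def build_warning(text, admin="root@localhost"):  # admin address is assumed
    """Compose the sysadmin warning; it names accounts, never passwords."""
    accounts, cracked, left = parse_show(text)
    msg = EmailMessage()
    msg["To"] = admin
    msg["Subject"] = f"Weak passwords: {len(accounts)} account(s) cracked"
    body = [f"{a['login']} (uid {a['uid']}, shell {a['shell']})"
            for a in accounts]
    body.append(f"Summary from john: {cracked} cracked, {left} left.")
    msg.set_content("\n".join(body))
    return msg
```
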