Here you can manage per-user password settings.
The maximum password age allows the administrator to control the frequency with which mandatory password changes are implemented. If a given user has not changed their password in this many days, the will be required to change their password at next logon. Passwords can be changed by logging on to the HTTP server with their web browser and clicking the "Reset Password" button. If set to 0, there is no maximum password age in effect.
The minimum password length allows the administrator to require that when a user changes their password, as described above, their new password must be at least the specified length. If set to 0, there is no minimum password length in effect. Note: this setting only applies to passwords set by the user. The administrator can always set a password of arbitrary length on the "Basic Settings" tba.
The "User must change password at next logon" checkbox, when enabled, forces the user to select a new password upon next logon. They will need to log on over HTTP using their web browser to change their password.