1. Temporary disabling of a user account - Like when a manager goes on vacation and wants to prevent misuse
You can do this with pam-ldap.
2. Minimum password length.
You can do this with pam-cracklib.
3. Password aging, and notification to user when password is about expire.
You can do this with pam-ldap and shadowAccount.
4. Minimum password age.