Possibly it will vary by distro, but I expect most distros have a /etc/login.defs file, which goes along with the Shadow Password suite. Inside my file, I see this:
# Password aging controls:
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
I would begin by setting that value as you wish. Of course, we don't need to tell you that a 4 character password would be VERY relatively easy to crack, so hopefully this is not for a root account or production machine, right?