Question:
All for one one for all. A Web user ARE R/3 users they just get to R/3 via the web. Most all PAssword options are for all IDs, but you could make the web users SERVICE user ids, but then the password would never need to be changed, not a good thing.
SOem of the password settings are for GUI/ non-GUI use. Look at LOGIN/PASSWORD_LOGON_USERGROUP ( though I think this is for the allow these user GUI access)
Answer:
Thanks John. I thought about login/password_logon_usergroup but you can only use it in conjunction with login/disable_password_logon which I know they won't buy.