> Please create a test account with password 'password', test this > account and if it is authenticated with "garbage at the end" please > post the encrypted password from 'vpasswd' of this account.
It didnt. > I assume your installation does not use MD5 routines in 'crypt()' > function, and therefore your passwords are limited to a maximum of 8 > characters. All passwords with exactly 8 characters (so NOT 'secret' > as this are only 6) than will be accepted if the first 8 characters of > input match. This is due to the fact 'crypt()', using only DES, only > takes the first 8 characters. A MD5-enabled 'crypt()' will not suffer > this limitations Very interesting. It seems that the problem occured only with the migrated domains from other servers (the "museum" ones). Accounts created in the new server, or accounts which had its password changed in the new server does not have this problem. > Maybe the 'museum' might be the problem: if their libcrypt is too old > it might be it's not yet aware of MD5, who knows. I guess that was it. Thanks a lot, Peter! Is it possible to convert all "old" passwords from the old format (MD5-disabled crypt()) to the new format? --Jw.