Linux doesn't seem to check the full password string entered
against that password database, or only stores the first 8
letters. If my password was joelwener1010, entering
joelwene, at a telnet, or e-mail password prompt would be
accepted, and I would be logged into the system. This can
be a security problem especially if the password is meant to
be long in the first place.
Standard unix behavior for crypt() password.
Turning on shadow & md5 passwords will solve this.