Linux doesn't seem to check the full password string entered against that password database, or only stores the first 8 letters. If my password was joelwener1010, entering joelwene, at a telnet, or e-mail password prompt would be accepted, and I would be logged into the system. This can be a security problem especially if the password is meant to be long in the first place. Joel Wener
Standard unix behavior for crypt() password. Turning on shadow & md5 passwords will solve this.