Looking at the source of the original patch, it's clear to me that the "max" option was never *supposed* to restrict the number of characters that a user could enter. Instead, it's purpose was to indicate the maximum number of characters that would be *significant* in the password due to limitations of the encryption algorithm, so that the 'obscure' checks can be run on the first x characters.
Well, we shouldn't need a config option to tell us that; we know based on which crypt algorithm we're using what the maximum supported password length is. So I'm going to pull this as a config option in the next upload, with a backwards compatibility stub so that existing uses aren't treated as errors. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
