Subject: Re: Passwords > 8 chars?
To: None <markbsd@wistey.org>
From: Ewen McNeill <ewen@naos.co.nz>
List: netbsd-help
Date: 03/23/2001 15:38:42
In message <20010323031818.7075E2891@mail.wistey.org>, markbsd@wistey.org writes:
>Hi...  I'm currently running a release, binary distribution of 
>NetBSD/i386 1.5, and I'm having problems getting it to recognize 
>passwords longer than 8 characters.  

If you use DES passwords (the standard in Unix for many many years, but
a lot of Unixes are moving away from it), then only 8 characters of the
password are significant, because of the way the password is used.  (The
lower seven bits of the first 8 bytes are used to make a DES key, which
then encrypts a well known block, to get the password hash stored in the
password file.)

If you use some other hashing algorithm then you can get more significant
characters.  MD5 seems to be starting to be used more commonly (eg,
recent Debian Linux installs), and IIRC that offers more significant
characters (I forget how many; perhaps 16).

I don't know for certain what NetBSD is using, but having just had a
quick look at my NetBSD 1.5 setup, it does appear to be using DES-length
passwords, and hence only 8 characters will be significant.

>It was kind of an unhappy surprise to find this, since I had been relying 
>on a very long password--rather than d!Ff!(u|T-- for root.

I'd suggest that you reduce the length of your password, and make it
less guessable -- perhaps taking particular letters out of your long
password instead of using the whole length of it.

You might also want to investigate using ssh, and a long pass phrase to
secure most of your access, and perhaps denying root logins remotely
(ie, force a login to another account first).

Ewen
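An added example illustrating the DES crypt(3) behaviour described above (this is not
code from Ewen's message or from NetBSD's libcrypt). It uses Go's standard crypto/des
and fixes the salt to "..", whose 12 salt bits are all zero, so the salt-dependent
tweak to DES's expansion function is a no-op and plain DES gives the same result as
crypt(3) would for that salt; other salts are deliberately not supported. The password
strings and the assumed helper names are constructed for the demonstration. Running it
shows that only the low 7 bits of the first 8 bytes affect the hash, so a 25-character
passphrase and its first 8 bytes hash identically, while changing one of those 8 bytes
changes everything.

```go
package main

import (
	"crypto/des"
	"fmt"
)

// cryptAlphabet is the crypt(3) output alphabet: '.' and '/' then digits,
// upper case and lower case, 64 symbols of 6 bits each.
const cryptAlphabet = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

// desKeyFromPassword builds the 8-byte DES key the way crypt(3) does:
// the low 7 bits of each of the first 8 bytes, shifted left by one so the
// DES parity-bit position is zero. Bytes past the eighth, and the top bit
// of every byte, never reach the key, so two passwords that agree on those
// 56 bits hash identically.
func desKeyFromPassword(pw string) [8]byte {
	var key [8]byte
	for i := 0; i < 8 && i < len(pw); i++ {
		key[i] = (pw[i] & 0x7f) << 1
	}
	return key
}

// TraditionalCrypt hashes pw as DES crypt(3) does when the 12-bit salt is
// all zero (salt text ".."): the key encrypts the well-known all-zero
// 64-bit block 25 times, and the result is written as 11 six-bit symbols.
// Non-zero salts perturb DES's expansion function, which the standard
// library cipher cannot do, so this (assumed, illustrative) helper
// supports ".." only.
func TraditionalCrypt(pw string) (string, error) {
	key := desKeyFromPassword(pw)
	cipher, err := des.NewCipher(key[:]) // Go's DES ignores parity bits, as crypt does
	if err != nil {
		return "", err
	}
	var block [8]byte // the "well known block": 64 zero bits
	for i := 0; i < 25; i++ {
		cipher.Encrypt(block[:], block[:])
	}
	// Encode the 64 bits MSB-first, 6 bits per symbol; the 11th symbol
	// carries the last 4 bits plus two zero padding bits.
	out := []byte{'.', '.'}
	for sym := 0; sym < 11; sym++ {
		var v byte
		for k := 0; k < 6; k++ {
			bit := 6*sym + k
			v <<= 1
			if bit < 64 && (block[bit/8]>>(7-uint(bit%8)))&1 == 1 {
				v |= 1
			}
		}
		out = append(out, cryptAlphabet[v])
	}
	return string(out), nil
}

// SignificantPart returns the bytes crypt actually keys on (first 8 bytes,
// high bit cleared), so the reader can see what survives truncation.
func SignificantPart(pw string) string {
	if len(pw) > 8 {
		pw = pw[:8]
	}
	b := []byte(pw)
	for i := range b {
		b[i] &= 0x7f
	}
	return string(b)
}

func main() {
	// Constructed sample passwords for the demonstration.
	for _, pw := range []string{
		"correcthorsebatterystaple", // long passphrase
		"correcth",                  // its first 8 bytes: same hash
		"correctH",                  // differs inside the first 8 bytes
		"d!Ff!(u|T",                 // 9 bytes; the ninth is ignored
		"d!Ff!(u|",
	} {
		h, err := TraditionalCrypt(pw)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-28q -> %s  (keyed on %q)\n", pw, h, SignificantPart(pw))
	}
}
```

The practical reading of the output: under DES crypt, the strength of a password is
bounded by 56 bits of key material, and a long passphrase whose first 8 bytes are
ordinary words buys nothing beyond those 8 bytes. That is why the advice in the reply
is to make the first 8 characters themselves hard to guess.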