maximum recognized password issue limited to 8 characters

I am having an issue with Webmin where it only recognizes the first 8 characters on login.

I am running it on Ubuntu 9.04. The Ubuntu OS recognizes more than 8 characters, and when I look at the users within Virtualmin I can see 10-char and 12-char passwords with no problem, but when I go to log in through Usermin only 8 characters are recognized.

How do I fix this?

Please help.

Thank you.

Howdy,

> when i go to login through usermin only 8 characters are recognized.

Hrm, can you explain the problem you’re seeing in more detail?

For example, where exactly is that restriction coming in?

I just verified that the password field in Usermin allows more than 8 characters, and I’m able to log in with a password longer than 8 chars… so where along the login process are you seeing an 8 character restriction?

-Eric

Well, when I go into Virtualmin and look at the users it shows more than 8 characters, but when you log in to Usermin, if you type in the first 8 characters of, say, your 10-character password, it will take it.

So if your password is 1234567890, and you log in to Usermin with 12345678, it will let you log in.

I see this as a security risk and would like to resolve this issue right away.

Any help would be appreciated.

Thank you

Edwin

Hi Edwin,

Hrm, I’m not seeing that behavior on my Ubuntu system here.

I’m curious though – do you see that same problem when using a desktop application, such as Outlook or Thunderbird, to check your email?

That is, when using Outlook, can you just type in 8 characters, and have it authenticate?

Also, are you using anything unusual for authentication, such as an LDAP or MySQL backend?

-Eric

Yes, it does the same thing via Outlook.

So just to recap: if the password is more than 8 characters, the server only checks the first 8, and if they match, regardless of what comes after those first 8, it will authenticate. So if the password is 123457890, the server will authenticate using 1234578 or 12345678#a3. Ubuntu, on the other hand, will only authenticate if all characters of the password match when a user created within Ubuntu logs into Ubuntu itself, but when the user is created with Webmin only the first 8 characters matter.

I know it is not using LDAP, but how do I check if it is using MySQL or another application for authentication?

Thank you,

Edwin

The 8-character limitation is coming in through users created through Webmin only. If users are created through Ubuntu there is no problem with recognizing passwords over 8 characters long.

bump

If you go into Webmin -> System -> Users and Groups -> Module Config -> New user options, and set “Password encryption method” to “MD5”, does that help?

This typically happens by default, and I’m not able to reproduce the issue you’re seeing… it’s possible something unusual is going on.

-Eric

Yes, that worked great. Thanks.

I just have to redo the password and after that it works fine.

What would cause that to happen?
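Added example, not part of the original thread: traditional DES-based crypt(3) hashes use only the first 8 characters of a password, which matches the behavior described above, and changing the encryption method only affects hashes written afterwards. The Python sketch below classifies the password field of shadow-format lines and lists accounts that still carry a legacy DES hash and therefore need a password reset. The sample data, function names and scheme table are constructed for illustration.

```python
import re

# Constructed sample in /etc/shadow layout (user:hash:...); not real accounts or hashes.
SAMPLE_SHADOW = """\
root:$6$Qw3rTy12$abcdefghijklmnopqrstuv:14500:0:99999:7:::
edwin:ab01FAX.bQRSU:14500:0:99999:7:::
mailbox1:$1$saltsalt$0123456789abcdefghijkl:14500:0:99999:7:::
daemon:*:14500:0:99999:7:::
olduser:!xy9kQ2mZ7pLw.:14500:0:99999:7:::
"""

# Traditional crypt(3): 2-char salt + 11-char hash, no "$id$" prefix.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
MODULAR_RE = re.compile(r"^\$([0-9a-z]+)\$")
SCHEMES = {"1": "md5", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256", "6": "sha512", "y": "yescrypt"}

def classify(field):
    """Name the hash scheme of a shadow password field."""
    if field == "":
        return "empty"            # no password required at all
    body = field.lstrip("!")      # a leading "!" marks a locked account; the hash may follow
    if body in ("", "*"):
        return "no-login"
    m = MODULAR_RE.match(body)
    if m:
        return SCHEMES.get(m.group(1), "unknown")
    if DES_RE.match(body):
        return "des"              # only the first 8 password characters are hashed
    return "unknown"

def truncating_accounts(shadow_text):
    """Return user names whose stored hash is traditional DES crypt."""
    hits = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        if classify(parts[1]) == "des":
            hits.append(parts[0])
    return hits

if __name__ == "__main__":
    for user in truncating_accounts(SAMPLE_SHADOW):
        print(f"{user}: legacy DES crypt hash, reset password after switching to MD5 or stronger")
```

To audit a real system, pass the contents of `/etc/shadow` (readable by root only) to `truncating_accounts` instead of the sample.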