Hello all, I have my passwords set to expire every 30 days. When they expire, I am asked to input a new, different password. It turns out that I recently noticed I had to input only the first 8 characters of my password to be able to log in. I discussed this with Hlao-ru on #archlinux and, thanks to him, I found out that passwords generated by passwd were fine but passwords generated after my password expire suffer of the 8-character restriction problem. This problem can be reproduced by manually expiring the password with passwd -e user and then loging in with su user. So I took a look at man passwd and man login and both programs read /etc/login.defs. This file has a parameter, ENCRYPT_METHOD, that was, in my system, unset. The default value for this parameter is DES, and that could be causing my problem. I set the parameter to SHA512 but that didn't help (I believe I have to reboot the system, and I haven't). There are a few other files that seem to do a similar job, namely /etc/default/passwd and /etc/pam.d/password. I am confused: what file control what programs? And isn't that a bug? The wiki [0] says that newly created passwords use SHA-512 as the encryption, but that's clearly not the case when asked to create a new password. [0]: https://wiki.archlinux.org/index.php/SHA_password_hashes Thanks all, -- Rafael Beraldo cabaladada.org