Hi,

I'm not confident about accepting this (pam_unix) bug report and patch:

http://sourceforge.net/tracker/index.php?func=detail&aid=521314&group_id=6663&atid=106663

Unfortunately, the originator didn't provide contact information, so I'm unable to follow up directly with him.

Basically, I can't confirm what is wrong with the code without the patch. The str[n]cmp seems to force the comparison to be an abbreviated string if the salt is smaller than the encrypted password (NUL termination is not the issue since everything appears to be NUL terminated).

Is this a legacy issue? (Something like bigcrypt thinks you want a bigcrypted password if you type a long password in - even when the stored encrypted password was truncated before encryption - that is, the storage process didn't use bigcrypt?)

I'd be happy if someone could comment/confirm that this is indeed a correct patch.

Thanks

Andrew