We recently discovered that the way we install a VPS differs slightly from the usual CD install. This is not something we do specifically but something that can be improved on in the set-ups of CentOS5.3.
When you install from a CD it automatically enables MD5 encryption in passwords (which should be the norm), however when you install directly from base packages it does not.
This appears to be a fairly new development and we have caught it quickly thanks to some great users who have passwords longer than 8 characters. The main side effect of having no MD5 is that you can not have a password longer than 8 characters at all, it just doesn't work.
To test your VPS and see if you have it, you can set a password with more than 8 characters, if you trim the end characters off you will still be able to login with only the first 8 characters.
There is an easy fix for this,
You need to have this enabled
Next, edit this file /etc/pam.d/system-auth
Make sure it has the following line (which has md5 in that place)
password sufficient pam_unix.so md5 shadow try_first_pass use_authtok nullok
You should then reset any passwords on the box with passwd so they are now using MD5
[root@hostname ~]# cat /etc/shadow
[root@hostname /etc/pam.d]# cat /etc/shadow
If you have any problems or concerns you should contact us on support. Just drop in a ticket and we can get things going again.