Not actually a bug, but a recommendation for later distributions security, i've noticed 2.1 only allows something along the lines of an 8 character password. If someone were to get ahold of someone's username, which is easy to do, and they of course had some queer password guessing tool that tried all combinations within the 8 char limit, it'd be pretty easy to at least do that. I've tested other distributions like slackware, slack7 allows a 126 character password at max which is a really good thing. Just a recommendation.
-Mark
