The local crypt() may support hash types which use more than the first 8
characters.  It also doesn't modify the input string, so we should just
stop truncating it.  Are there platforms where the input string *is* modified?

--- krb5-1.2.7/src/appl/bsd/login.c	2005-11-15 16:20:34.000000000 -0500
+++ krb5-1.2.7/src/appl/bsd/login.c	2005-11-15 16:20:29.000000000 -0500
@@ -461,17 +461,14 @@
 static int unix_passwd_okay (pass)
     char *pass;
 {
-    char user_pwcopy[9], *namep;
+    char *namep;
     char *crypt ();
 
     assert (pwd != 0);
 
-    /* copy the first 8 chars of the password for unix crypt */
-    strncpy(user_pwcopy, pass, sizeof(user_pwcopy));
-    user_pwcopy[sizeof(user_pwcopy) - 1]='\0';
-    namep = crypt(user_pwcopy, salt);
-    memset (user_pwcopy, 0, sizeof(user_pwcopy));
-    /* ... and wipe the copy now that we have the string */
+    namep = crypt(pass, salt);
+    if (strlen(namep) < 13)
+	return 0;
 
     /* verify the local password string */
 #ifdef HAVE_SHADOW