I noticed the other day that the user accounts on my Ubuntu 6.06LTS server that have been created with Virtualmin have been created using CRYPT instead of MD5, which is allowing logins with only the first 8 characters of the password. This is obviously less than optimal. Is there a missed setting somewhere in virtualmin that would make these passwords be created with md5 instead of crypt, or is there a good reason why they're using the weaker crypt method?
If it's possible to set the system to use md5 instead of crypt, how can I migrate the existing accounts to use the stronger hash algorithm, or is this even possible?