login with any password

view story

http://stackoverflow.com – I am having a strange problem in the sense that one of the users in my server is able to login with any password whose first eight characters same as the actual password of the user. For example, if the actual password of a user is abcdefgh then login with abcdefgh as the password, as well as abcdefgh2002 or abcdefghijkl succeeds, but not with 2001abcdefgh. I am using PAM with shadow file. The user in concern has a hash of his password in /etc/shadow file, but it does not have any salt as far as i can see. I tried it with my own account, but did not result in successful login. (HowTos)