diff --git a/usr.sbin/user/user.c b/usr.sbin/user/user.c
index c9a5bda256f8..0cbad38ca597 100644
--- a/usr.sbin/user/user.c
+++ b/usr.sbin/user/user.c
@@ -1,4 +1,4 @@
-/* $NetBSD: user.c,v 1.59 2002/08/27 12:38:02 agc Exp $ */
+/* $NetBSD: user.c,v 1.60 2002/09/30 04:05:22 itojun Exp $ */
 
 /*
  * Copyright (c) 1999 Alistair G. Crooks.  All rights reserved.
@@ -35,7 +35,7 @@
 #ifndef lint
 __COPYRIGHT("@(#) Copyright (c) 1999 \
 	        The NetBSD Foundation, Inc.  All rights reserved.");
-__RCSID("$NetBSD: user.c,v 1.59 2002/08/27 12:38:02 agc Exp $");
+__RCSID("$NetBSD: user.c,v 1.60 2002/09/30 04:05:22 itojun Exp $");
 #endif
 
 #include <sys/types.h>
@@ -167,7 +167,7 @@ enum {
 	MaxFieldNameLen = 32,
 	MaxCommandLen = 2048,
 	MaxEntryLen = 2048,
-	PasswordLength = 13,
+	PasswordLength = 2048,
 
 	LowGid = DEF_LOWUID,
 	HighGid = DEF_HIGHUID
@@ -1013,12 +1013,14 @@ adduser(char *login_name, user_t *up)
 		warnx("Warning: home directory `%s' doesn't exist, and -m was not specified",
 		    home);
 	}
-	password[PasswordLength] = '\0';
+	password[sizeof(password) - 1] = '\0';
 	if (up->u_password != NULL &&
-	    strlen(up->u_password) == PasswordLength) {
-		(void) memcpy(password, up->u_password, PasswordLength);
+	    (strlen(up->u_password) == 13 ||
+	     strncmp(up->u_password, "$1", 2) == 0 ||
+	     strncmp(up->u_password, "$2", 2) == 0)) {
+		(void) strlcpy(password, up->u_password, sizeof(password));
 	} else {
-		(void) memset(password, '\0', PasswordLength);
+		(void) memset(password, '\0', sizeof(password));
 		password[0] = '*';
 		if (up->u_password != NULL) {
 			warnx("Password `%s' is invalid: setting it to `%s'",
@@ -1264,8 +1266,12 @@ moduser(char *login_name, char *newlogin, user_t *up)
 			}
 		}
 		if (up->u_flags & F_PASSWORD) {
-			if (up->u_password != NULL && strlen(up->u_password) == PasswordLength)
+			if (up->u_password != NULL &&
+			    (strlen(up->u_password) == 13 ||
+			     strncmp(up->u_password, "$1", 2) == 0 ||
+			     strncmp(up->u_password, "$2", 2) == 0)) {
 				pwp->pw_passwd = up->u_password;
+			}
 		}
 		if (up->u_flags & F_UID) {
 			/* check uid isn't already allocated */
@@ -1810,9 +1816,9 @@ userdel(int argc, char **argv)
 	if (u.u_preserve) {
 		u.u_flags |= F_SHELL;
 		memsave(&u.u_shell, NOLOGIN, strlen(NOLOGIN));
-		(void) memset(password, '\0', PasswordLength);
+		(void) memset(password, '\0', sizeof(password));
 		password[0] = '*';
-		memsave(&u.u_password, password, PasswordLength);
+		memsave(&u.u_password, password, strlen(password));
 		u.u_flags |= F_PASSWORD;
 		openlog("userdel", LOG_PID, LOG_USER);
 		return moduser(*argv, *argv, &u) ? EXIT_SUCCESS : EXIT_FAILURE;