Comment 16 for bug 1175906

Jeremy Stanley (fungi) wrote : Re: passlib long password DoS

Is it possible to move the current hard-coded (4096) default into a maxlength field for each existing password? Then the configuration could set a desired global maxlength which would be applied per-entry on new accounts and lowered as necessary on password changes of existing accounts. This sort of "eventually consistent" transition would relieve administrators from forced password changes or invalidating existing hashes of their entire userbase (which is of course extremely disruptive to those users).
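The per-entry maxlength scheme proposed in the comment above, as an added illustration that is not code from Keystone, passlib or the commenter: each stored hash carries the limit it was created under, verification honours that stored limit, new accounts get the configured global limit, and a password change rehashes under the lower of the two. The hash function (PBKDF2-HMAC-SHA256 via hashlib), the 72-byte configured limit, the rejection of over-long input before hashing, and every name below are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Hypothetical values: the hard-coded limit the comment refers to, and a
# lower global limit an administrator configures afterwards.
LEGACY_MAX_LENGTH = 4096
CONFIGURED_MAX_LENGTH = 72

PBKDF2_ITERATIONS = 50_000


@dataclass(frozen=True)
class PasswordEntry:
    salt: bytes
    digest: bytes
    # Per-entry limit: the longest password this hash will ever be checked
    # against. Legacy entries carry the old hard-coded value.
    max_length: int


class PasswordTooLong(ValueError):
    pass


def _check_length(password: str, max_length: int) -> bytes:
    """Reject before hashing, so the limit bounds the work an attacker can cause."""
    encoded = password.encode("utf-8")
    if len(encoded) > max_length:
        raise PasswordTooLong(f"password exceeds {max_length} bytes")
    return encoded


def _hash(password_bytes: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password_bytes, salt, PBKDF2_ITERATIONS)


def create_entry(password: str, max_length: int = CONFIGURED_MAX_LENGTH) -> PasswordEntry:
    """New accounts get the currently configured global limit."""
    encoded = _check_length(password, max_length)
    salt = os.urandom(16)
    return PasswordEntry(salt, _hash(encoded, salt), max_length)


def from_legacy(salt: bytes, digest: bytes) -> PasswordEntry:
    """Attach the old hard-coded limit to a hash that predates the per-entry field."""
    return PasswordEntry(salt, digest, LEGACY_MAX_LENGTH)


def verify(entry: PasswordEntry, password: str) -> bool:
    """Check against the entry's own limit, so legacy hashes keep working."""
    try:
        encoded = _check_length(password, entry.max_length)
    except PasswordTooLong:
        return False
    return hmac.compare_digest(_hash(encoded, entry.salt), entry.digest)


def change_password(entry: PasswordEntry, old: str, new: str) -> PasswordEntry:
    """Rehash under the lower of the entry's limit and the configured one.

    The limit only ever goes down, so the user base converges on the
    configured limit as people change passwords, without forced resets.
    """
    if not verify(entry, old):
        raise ValueError("old password does not match")
    return create_entry(new, min(entry.max_length, CONFIGURED_MAX_LENGTH))


if __name__ == "__main__":
    # Constructed scenario: a pre-existing account with a 1000-byte password
    # hashed under the old 4096 limit, before any per-entry field existed.
    legacy_password = "x" * 1000
    legacy_salt = os.urandom(16)
    legacy_digest = _hash(legacy_password.encode("utf-8"), legacy_salt)
    entry = from_legacy(legacy_salt, legacy_digest)
    assert verify(entry, legacy_password)      # existing user still logs in
    assert not verify(entry, "y" * 5000)       # over-limit input refused before hashing
    entry = change_password(entry, legacy_password, "new-password")
    assert entry.max_length == CONFIGURED_MAX_LENGTH
    print("ok")
```

The check in `_check_length` runs before any hashing, which is what turns the stored limit into a DoS bound rather than a cosmetic field; a legacy entry still accepts its 1000-byte password but refuses a 5000-byte one immediately. Lowering the global setting only affects entries as they are rewritten, so the transition the comment describes happens one password change at a time.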