Bug 5837 A limit of 20 chars for the administrator password has been implemented in the current, new workspace interface and a message clarifying the limit too. Also in the web service create user method, a new response has been added in order to prevent the creation of users with passwords above the 20 characters.

workflow/engine/classes/class.wsBase.php

@@ -814,6 +814,11 @@ class wsBase
          return $result;
       }
 
+      if(strlen($password)>20)
+      {  $result = new wsCreateUserResponse (28, "Password surprases the maximun length allowed", '');
+         return $result;
+      }
+
       global $RBAC;
       $RBAC->initRBAC();