Netware 6.5 SP6 with the latest AFP and CIFS patches and UP enabled

1) What is the maximum password length for CIFS and AFP?

I found this older TID and wondered if it still applied

2) If you have a longer Universal Password set than the NFAP password
length limitations, in the case of AFP the input password from the
client is cut down to the AFP length restriction and sent to the server.
As long as the cut down password matches the first part of the longer UP
(case sensitive) you can authenticate. So unless you set a low maximun
length UP policy for all users in a mixed OS environment to cope with
this then this is a security hole.

Is this the same with CIFS?