diff --git a/src/api/app/controllers/person_controller.rb b/src/api/app/controllers/person_controller.rb
index c0b800f3f60..52511af4b22 100644
--- a/src/api/app/controllers/person_controller.rb
+++ b/src/api/app/controllers/person_controller.rb
@@ -262,6 +262,7 @@ def update_watchlist( user, xml )
 private :update_watchlist
 def change_my_password
+ #FIXME3.0: remove this function
 valid_http_methods :post, :put
 xml = REXML::Document.new( request.raw_post )
diff --git a/src/api/app/models/user.rb b/src/api/app/models/user.rb
index 646d1d196ad..52249d5ff34 100644
--- a/src/api/app/models/user.rb
+++ b/src/api/app/models/user.rb
@@ -100,8 +100,9 @@ def new_password?
 # user.save
 #
 def update_password(pass)
- self.password_confirmation = pass
- self.password = pass
+ self.password_crypted = hash_string(pass).crypt("os")
+ self.password_confirmation = hash_string(pass)
+ self.password = hash_string(pass)
 end
 # After saving the object into the database, the password is not new any more.
@@ -710,10 +711,10 @@ def state_transition_allowed?(from, to)
 # Model Validation
 validates_presence_of :login, :email, :password, :password_hash_type, :state,
- :message => 'must be given'
+ :message => 'must be given'
 validates_uniqueness_of :login,
- :message => 'is the name of an already existing user.'
+ :message => 'is the name of an already existing user.'
 # Overriding this method to do some more validation: Password equals
 # password_confirmation, state an password hash type being in the range
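Review bot: In `update_password` (src/api/app/models/user.rb, hunk at -100,8), `hash_string(pass).crypt("os")` uses the constant salt "os" for every account, so two users with the same password get the same `password_crypted` value and one precomputed table covers the whole user table. With a two-character salt `String#crypt` normally selects traditional DES crypt(3), which reads only the first eight bytes of its input, so presumably only a short prefix of the `hash_string` output (defined outside this hunk) influences the result. The same hunk now assigns `hash_string(pass)` to `password` and `password_confirmation`, so the format and 6..64 length validations on `:password` later in this file would see the digest rather than what the user typed, if they run on this path. I would generate a random salt per user and validate the raw value before hashing; until then the line deserves a marker such as `# FIXME: constant salt "os" - replace with a per-user random salt`.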
@@ -760,9 +761,9 @@ def validate
 # include this condition in your :if parameter to validates_format_of when
 # overriding the password format validation.
 validates_format_of :password,
- :with => %r{\A[\w\.\- !?(){}|~*]+\z},
- :message => 'must not contain invalid characters.',
- :if => Proc.new { |user| user.new_password? and not user.password.nil? }
+ :with => %r{\A[\w\.\- !?(){}|~*]+\z},
+ :message => 'must not contain invalid characters.',
+ :if => Proc.new { |user| user.new_password? and not user.password.nil? }
 # We want the password to have between 6 and 64 characters.
 # The length must only be checked if the password has been set and the record
@@ -770,10 +771,10 @@ def validate
 # include this condition in your :if parameter to validates_length_of when
 # overriding the length format validation.
 validates_length_of :password,
- :within => 6..64,
- :too_long => 'must have between 6 and 64 characters.',
- :too_short => 'must have between 6 and 64 characters.',
- :if => Proc.new { |user| user.new_password? and not user.password.nil? }
+ :within => 6..64,
+ :too_long => 'must have between 6 and 64 characters.',
+ :too_short => 'must have between 6 and 64 characters.',
+ :if => Proc.new { |user| user.new_password? and not user.password.nil? }
 class << self
 def current
diff --git a/src/api/test/functional/person_controller_test.rb b/src/api/test/functional/person_controller_test.rb
index 687b86f9d30..1388fd28a3e 100644
--- a/src/api/test/functional/person_controller_test.rb
+++ b/src/api/test/functional/person_controller_test.rb
@@ -172,11 +172,10 @@ def test_register_and_change_password_new_way
 post "/person/adrianSuSE?cmd=change_password", data
 assert_response :success
-
- u = User.find_by_login "adrianSuSE"
- assert_not_nil u
- assert_equal u.login, "adrianSuSE"
- assert_equal u.password, data
+ # test login with new password
+ prepare_request_with_user "adrianSuSE", data
+ get "/person/adrianSuSE"
+ assert_response :success
 #cleanup
 u.destroy
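Review bot: The cleanup line `u.destroy` at the end of the person_controller_test.rb hunk still refers to `u`, but the hunk removes the only visible assignment, `u = User.find_by_login "adrianSuSE"`. Unless `u` is set earlier in `test_register_and_change_password_new_way` (which starts outside the hunk), the test raises NameError at cleanup and leaves the registered user behind. Keep the lookup ahead of the cleanup, `u = User.find_by_login "adrianSuSE"` followed by `assert_not_nil u`. The new assertions only show that a login with `data` succeeds; adding `assert_not_equal data, u.password` would also pin that the stored value is no longer the plaintext the old assertion expected.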