Over Christmas, I updated Dad's backup (SuperDuper is great), and upgraded to Leopard. It failed miserably -- in exactly the same way as my own first Leopard upgrade failed, although I didn't know what was going on back then. There wasn't any documentation about the problem then, but now Apple describes a closely related issue:

Mac OS X 10.5: Unable to log in after an upgrade install

Issue or symptom

You may not be able to log in with a user account that has a password of 8 or more characters and was originally created in Mac OS X 10.2.8 or earlier, after performing an upgrade installation of Mac OS X 10.5 Leopard (the default installation type).

I do indeed use a password longer than 8 characters. At least on my own system, the accounts were not created under or before 10.2.8. On my father's system, the accounts may date back that far, but his password was not longer, and Apple's suggested workaround did not work either.

On my own upgrade, I installed Leopard, and was unable to log in with my (known correct) password, or my root password. I booted from DVD and was able to see my home directory, but there was no information on how to fix Leopard accounts (and really not much information on Leopard accounts at all) at that time. Reset Password from DVD didn't work, and neither did passwd. I reinstalled from scratch and restored my home directory.

For Dad, I didn't have time to do that, so I created a new account with a different username and real name, and swapped his old home directory with the new (basically empty) one. This took about 5 minutes, compared to several hours spent unsuccessfully trying to fix his old account. Somehow during the upgrade, his account was disabled, and I was unable to re-enable it. I booted from the Leopard DVD, and the Reset Password tool said it reset his password, but did not. I booted into my own admin account, and used passwd, which gave me a Directory Services account disabled error. The only references to that error Google has to that error code are copies of the manual page, which lists the error code but not a way to enable such an account. I even updated to get the Login & Keychain update, but it didn't help.

In the interim, Apple has documented that Leopard stores accounts as .plist files in /var/db/dslocal/nodes/Default/users/, which is very helpful -- it makes it easy to do things like change UIDs, which I need to do periodically. On the other hand, those files point into other places for some information, such as the Kerberos KDC (Key Distribution Center) for actual passwords. I don't know enough Kerberos to feel comfortable creating an identity for his account, as should have automatically happened during the upgrade (before Leopard, non-Server versions of Mac OS X don't include a KDC, and they store passwords differently). I considered pointing his account to the KDC identity for a new account with the right password, but this seemed fragile, so I went with the new account, which seems to have worked reasonably well.

FUBAR!