I think it's a config problem most likely. I just went through checks with 2.8.6 and 2.9 and both of them are working fine.
I bet all the fields are correct, but possibly Drupal, like other systems, has a particular hashing system that is more involved that a basic sha1, md5, or variant thereof. This site seems to indicate that Drupal 7, at least, may be using phpass. You would have to use code based on that to hash the (initial plaintext) password a user enters and compare to what's on the Drupal user database.
This is also what wordpress is supposed to be doing, but I'm having issues getting it to work across two wordpress installs per this post.