Validation on password attr_accessor

I am using the authentication example of Rails Recipes book (around
page 135)

I am trying to make a sign-up form for it

I have the following method

def password=(pass)
      self.password_salt, self.password_hash = salt,
Digest::SHA256.hexdigest(pass + salt)

which seems to work

I use

attr_accessor :password

So that I can have a password field on my form

But if I use validates_length_of :password, :within => 5..40

The password always fails the validation even if I enter more that 5
chars etc...

Any help would be appreciatted