11 Apr
2013
11 Apr
'13
3:57 p.m.
On Thu, Apr 11, 2013 at 02:54:01PM +0300, Timo Sirainen wrote:
This is for pam_saml. The webmail sends a signed SAML assertion as the password, and the PAM module validates it. The pam_saml could easily be changed to use AUTHENTICATE PLAIN instead.
pam_saml is not the component that choose the authentication. The webmail does. Squirrelmail does not support PLAIN.
You did support in in 1.x and it did not harm anyone? It does make it easier to waste the (pre-login!) process memory usage.
Perhaps it could be configurable?
-- Emmanuel Dreyfus manu@netbsd.org