11 Apr 2013, 2:54 p.m.
On 11.4.2013, at 14.58, manu@netbsd.org (Emmanuel Dreyfus) wrote:
By this I think you don't mean special authentication mechanisms, or even AUTHENTICATE PLAIN mechanism, but you mean that someone is using LOGIN command in such a kludgy way that the password field is over 1024 bytes long?
This is for pam_saml. The webmail sends a signed SAML assertion as the password, and the PAM module validates it.
The pam_saml could easily be changed to use AUTHENTICATE PLAIN instead.
You did support it in 1.x and it did not harm anyone…
It does make it easier to waste the (pre-login!) process memory usage.