On 11.4.2013, at 14.58, m...@netbsd.org (Emmanuel Dreyfus) wrote:

>> By this I think you don't mean special authentication mechanisms, or even
>> AUTHENTICATE PLAIN mechanism, but you mean that someone is using LOGIN
>> command in such a kludgy way that the password field is over 1024
>> bytes long?
>
> This is for pam_saml. The webmail sends a signed SAML assertion as the
> password, and the PAM module validates it.

The pam_saml could easily be changed to use AUTHENTICATE PLAIN instead.

> You did support it in 1.x and it did not harm anyone…

It does make it easier to waste the (pre-login!) process memory usage.