On Thu, Apr 11, 2013 at 02:54:01PM +0300, Timo Sirainen wrote: > > This is for pam_saml. The webmail sends a signed SAML assertion as the > > password, and the PAM module validates it. > The pam_saml could easily be changed to use AUTHENTICATE PLAIN instead.
pam_saml is not the component that choose the authentication. The webmail does. Squirrelmail does not support PLAIN. > > You did support in in 1.x and it did not harm anyone? > It does make it easier to waste the (pre-login!) process memory usage. Perhaps it could be configurable? -- Emmanuel Dreyfus m...@netbsd.org
