Re: Maximum password length

On 10/12/18, 4:24 PM, "Stephen Frost" <sfrost@snowman.net> wrote:
> * Bossart, Nathan (bossartn@amazon.com) wrote:
>> My main motivation for suggesting the increase to 8k is to provide
>> flexibility for alternative authentication methods like LDAP, RADIUS,
>> PAM, and BSD.
>
> Specific use-cases here would be better than hand-waving at "these other
> things."  Last I checked, all of those work with what we've got today
> and I don't recall hearing complaints about them not working due to this
> limit.

The main one I am thinking of is generated security tokens.  It seems
reasonable to me to limit md5 and scram-sha-256 passwords to a much
shorter length, but I think the actual server message limit should be
somewhat more flexible.

Nathan