[Top] [All Lists]

Re: line lengths for AUTH (was: Requesting reviews: SMTP AUTH update...)

2006-12-07 10:07:08

On Thu, Dec 07, 2006, Alexey Melnikov wrote:

Any existing SASL mechanism I've seen doesn't send more than 300-400 
bytes in any step of an authentication exchange.

Larger lengths have been reported:

! Active Directory as kdc includes the PAC field and the tickets
! can get quite large.

and caused this change for sm 8.14:

        Increase the length of an input line to 12288 to deal with
                really long lines during SMTP AUTH negotiations.

The "unlimited" length is a pretty bad idea (potential for DoS).

<Prev in Thread] Current Thread [Next in Thread>