Remove obsolete "configurable constants" from code

[d-w-moore]

An example:

As late as v2.0.0, irods.connections.ALLOW_PAM_LONG_TOKENS defaults to True but may be set to False as a guard against switching from the use of the regular api [1201 = AUTH_PLUG_REQ_AN] over to api [725 = PAM_AUTH_REQUEST_AN] which permits longer PAM passwords (or ones containing '=' or ';') to be used. Either this setting should be a configuration option or it should be omitted, as its current usage (simply setting the global) is open to potential problems, abuse, or at the worst denial-of-service style attacks.

[trel]

If we remove ALLOW_PAM_LONG_TOKENS - then PRC could presumably not talk to some older servers? What version of server would that preclude/remove?

I expect we can remove it and reduce the surface area.

[d-w-moore]

Basically surface area is my concern, yes. If we want to keep the option to allow or exclude the API switching, it can be something like

legacy_auth.pam.allow_switching_pam_api_for_long_tokens_and_special_characters

[d-w-moore]

If we remove ALLOW_PAM_LONG_TOKENS - then PRC could presumably not talk to some older servers? What version of server would that preclude/remove?

It wouldn't affect compatible server versions ... even iRODS 3.0.1 contains both of those APIs.

[trel]

okay, great. so we really get to decide what good looks like... and do that. thanks.