I think that disabling plain text password authentication by default is a good move for SuSE. If you're still using plain text passwords then something is wrong. There are very few email clients that don't support SSL these days. Things like telnet and ftp are obsolete (or should be) due to SSH and SFTP. Even Cisco ships their IOS with ssh authentication nowadays.

The fact of the matter is that over half of security breaches are from internal sources, so having a "firewall" isn't the end of security. If you believe that the data you're securing isn't important enough to need secure password authentication then perhaps that's acceptable to your company. To have decent security in place requires a layered security approach, meaning that you have more than one piece to secure everything.

Setting up SSL is really not that hard, and using it on the clients usually only requires you to check a box. I would strongly suggest that you invest the time to use SSL for your email authentication, but obviously the end decision is based on the cost difference between doing that versus the risk of losing your data. The paranoia that SuSE is displaying here is simply derived from basic modern security principles.

On Wed, 2004-01-14 at 08:07, Peter Hinterseer wrote:
Note the part about the risk, they must be really paranoid about those plaintext passwords.
--
David M. Fetter - http://www.fetterconsulting.com/
"The world is full of power and energy and a person can go far by just skimming off a tiny bit of it."
Neal Stephenson - Snow Crash