[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [suse-security] Plaintext passwords IMAP please!



> > I too would want a better solution. And I fully concur with you
> on the subject
> > of Cyrus-imapd. Cyrus seemingly serves one single purpose, to
> drive sysadmins
> > utterly crazy. ;-|    I gave up early when I saw the list of
> prerequisites...
>
> I, too, couldn't figure our Cyrus.  Download and compile the
> imapd (non-Cyrus)
> source yourself: http://www.washington.edu/imap/
>
> > however teaching all the clients that they should trust a
> self-signed cert
> > sure isn't, so this may not be a viable option for you anyway.
>
> Sounds like an Outlook Express issue to me.  Don't blame SuSE for
> Microsoft's
> shortcomings.

absolutely disagree with you. Whilst I too love to bash M$, this is nothing
to do with them. It is already a huge task to educate end-users about only
trusting signed certs. To then re-educate them that certain self-signed
certs are safe is asking too much.

Maybe you could add yourself as a trusted root CA to all clients, thus
avoiding the problem?


Andy


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here