
Re: [suse-security] Plaintext passwords IMAP please!



Quoting David Fetter <david.fetter@xxxxxxxxxxxxxxxxxxxx>:

> I think that disabling plain text password authentication by default is
> a good move for SuSE.  If you're still using plain text passwords then
> something is wrong.  There are very few email clients that don't support
> SSL these days.  Things like telnet and ftp are obsolete (or should be)
> due to SSH and SFTP.  Even cisco ships their IOS with ssh authentication
> nowadays.  The fact of the matter is that over half of security breaches
> are from internal sources, so having a "firewall" isn't the end of
> security.  If you believe that the data you're securing isn't important
> enough to need secure password authentication then perhaps that's
> acceptable to your company.  To have decent security in place requires a
> layered security approach, meaning that you have more than one piece to
> secure everything.  Setting up SSL is really not that hard, and using it
> on the clients usually only requires you to check a box.  I would
> strongly suggest that you invest the time to use SSL for your email
> authentication, but obviously the end decision is based on the cost
> difference between doing that versus the risk of losing your data.  The
> paranoia that SuSE is displaying here is simply derived from basic
> modern security principles.
>

The problem is that it is a compile time option that doesn't appear to be
fixable without recompiling it yourself.  This problem bit me, too.

I use IMAP solely to talk to the IMP webmail system that resides on the same
machine.  Since the imap port is host-firewalled off, only things that reside
on that machine can access it.  Having the machine connect to itself via SSL is
laughable, especially on a machine that isn't all that powerful to begin with.

SuSE should not be in the business of telling sysadmins what is, and what is not
acceptable.  Better default options are always preferable, but to tell the
sysadmin "you can't do this" is wrong.  SuSE should be in the business of
empowering the sysadmins, not making their lives more difficult.

In most situations, yes, IMAP should have ssl, and that should definitely be the
default setting.  However, there are situations where it is less than optimal,
and thus it should be a config option, not a compile-time option.


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
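The argument in the reply above rests on one condition: plaintext IMAP login is only tolerable if the IMAP listener cannot be reached from anywhere but the local host. The following is an added example (not part of the original message or of any SuSE or IMP code) of how an administrator could check that condition from the server side. It parses a constructed `ss -ltn` listing and a constructed IMAP CAPABILITY line, and flags the case where LOGIN without TLS is reachable on a non-loopback address. The sample listings, the host they describe and the function names are all assumptions made for the example.

```python
"""
Added example: is plaintext IMAP login confined to the loopback interface?

  listener_exposure()       -> non-loopback addresses where port 143 listens
  plaintext_login_allowed() -> does the server accept LOGIN without TLS?
  assess()                  -> findings combining the two checks

All input below is constructed sample data, not output from a real host.
"""

import ipaddress
import re

IMAP_PORT = 143
IMAPS_PORT = 993

# Constructed `ss -ltn` output for a hypothetical host where IMAP (143) is
# bound to loopback only and IMAPS (993) is bound to all interfaces.
LOOPBACK_ONLY_SS = """State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:143        0.0.0.0:*
LISTEN  0       128     0.0.0.0:993          0.0.0.0:*
LISTEN  0       128     [::1]:143            [::]:*
LISTEN  0       128     0.0.0.0:80           0.0.0.0:*
"""

# Constructed variant where IMAP (143) is bound to every IPv4 interface.
EXPOSED_SS = """State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:143          0.0.0.0:*
LISTEN  0       128     0.0.0.0:993          0.0.0.0:*
"""

# Constructed CAPABILITY responses as seen before any STARTTLS.
CAP_PLAINTEXT = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"
CAP_TLS_ONLY = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"

_LOCAL_RE = [re.compile(r"^\[(.*)\]:(\d+)$"),   # IPv6 form: [addr]:port
             re.compile(r"^(.*):(\d+)$")]       # IPv4 or '*' form: addr:port


def parse_listeners(ss_output):
    """Return a list of (address, port) for every LISTEN line in ss output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header line or malformed line
        local = fields[3]
        match = next((p.match(local) for p in _LOCAL_RE if p.match(local)), None)
        if match is None:
            continue
        listeners.append((match.group(1), int(match.group(2))))
    return listeners


def is_loopback(addr):
    """True only for 127.0.0.0/8 and ::1; wildcards ('*', '0.0.0.0', '::') are not."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # '*' or anything unparsable is treated as exposed


def listener_exposure(ss_output, port=IMAP_PORT):
    """Addresses on which `port` listens that are NOT loopback."""
    return [addr for addr, p in parse_listeners(ss_output)
            if p == port and not is_loopback(addr)]


def plaintext_login_allowed(capability_line):
    """True if a client could send LOGIN in the clear on this connection.

    Per the IMAP CAPABILITY convention, LOGINDISABLED means the server
    refuses plaintext LOGIN until the session is protected (e.g. STARTTLS).
    """
    caps = {tok.upper() for tok in capability_line.split()}
    return "LOGINDISABLED" not in caps


def assess(ss_output, capability_line):
    """Return a list of findings; empty means plaintext login is loopback-only
    (or disabled outright), which is the situation the reply above describes."""
    findings = []
    exposed = listener_exposure(ss_output, IMAP_PORT)
    if exposed and plaintext_login_allowed(capability_line):
        findings.append("plaintext IMAP LOGIN reachable on non-loopback address(es): "
                        + ", ".join(exposed))
    return findings


if __name__ == "__main__":
    for label, ss, cap in [("loopback-only", LOOPBACK_ONLY_SS, CAP_PLAINTEXT),
                           ("exposed/plaintext", EXPOSED_SS, CAP_PLAINTEXT),
                           ("exposed/LOGINDISABLED", EXPOSED_SS, CAP_TLS_ONLY)]:
        print(label, "->", assess(ss, cap) or "OK")
```

The first sample reproduces the poster's setup (port 143 on 127.0.0.1 and ::1 only) and yields no finding even though AUTH=PLAIN is offered; the second sample is the case SuSE's default is guarding against; the third shows that advertising LOGINDISABLED removes the finding even when the listener is exposed. On a live host the `ss -ltn` text would replace the constructed constant, and the CAPABILITY line would come from the server greeting rather than a literal.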