One thing occurred to me recently: What to do with the good old FAQ "How do I authenticate with passowords from YP passwd or /etc/passwd?" That means clients SHOULD use TLS (or cleartext), right? -- Hallvard