On 22.03.2018 10:55, mj wrote:
On 03/22/2018 09:34 AM, Aki Tuomi wrote:
I have no idea*WHY* it is required by SOGo. It does not make sense.
Well, the thing is: SOGo has this ability to behave like a *real* exchange server, as if it's running on a windows server. And this enables Outlook to connect to it like it would to an exchange server. (so: not in imap mode, and not using regular username/password authentication)
Normally, SOGo simply reuses the provided username/password to connect to the imap server, but in the above scenario, these are not available.
The same goes for a SAML2 authenticated SOGo webmail logon.
In these scenarios, SOGo uses the 127.0.0.1 connection, to logon to imap. Since it does know the username.
I guess a better solution would be for SOGo to be able to do 'transformations' to the username/password, to change the regular username/unknownpassword into username*master/masterpassword, and get rid of the 127.0.0.1 passwordless listener.
Right?
But SOGo doesn't do that. (afaik)
MJ
I would recommend using master password (that is, replace nopassword=y with password=staticpassword). I know that from localhost perspective this isn't much different, but it will reduce accidents.
Aki