why is dovecot "Allowing any password"
lists at merit.unu.edu
Thu Mar 22 10:55:07 EET 2018
On 03/22/2018 09:34 AM, Aki Tuomi wrote:
> I have no idea*WHY* it is required by SOGo. It does not make sense.
Well, the thing is: SOGo has this ability to behave like a *real*
exchange server, as if it's running on a windows server. And this
enables Outlook to connect to it like it would to an exchange server.
(so: not in imap mode, and not using regular username/password
Normally, SOGo simply reuses the provided username/password to connect
to the imap server, but in the above scenario, these are not available.
The same goes for a SAML2 authenticated SOGo webmail logon.
In these scenarios, SOGo uses the 127.0.0.1 connection, to logon to
imap. Since it does know the username.
I guess a better solution would be for SOGo to be able to do
'transformations' to the username/password, to change the regular
username/unknownpassword into username*master/masterpassword, and get
rid of the 127.0.0.1 passwordless listener.
But SOGo doesn't do that. (afaik)
More information about the dovecot