On 03/22/2018 09:34 AM, Aki Tuomi wrote:> I have no idea*WHY* it is required by SOGo. It does not make sense.Well, the thing is: SOGo has this ability to behave like a *real* exchange server, as if it's running on a windows server. And this enables Outlook to connect to it like it would to an exchange server. (so: not in imap mode, and not using regular username/password authentication) Normally, SOGo simply reuses the provided username/password to connect to the imap server, but in the above scenario, these are not available. The same goes for a SAML2 authenticated SOGo webmail logon. In these scenarios, SOGo uses the 127.0.0.1 connection, to logon to imap. Since it does know the username. I guess a better solution would be for SOGo to be able to do 'transformations' to the username/password, to change the regular username/unknownpassword into username*master/masterpassword, and get rid of the 127.0.0.1 passwordless listener. Right? But SOGo doesn't do that. (afaik) MJ
On 22.03.2018 10:55, mj wrote:> > > On 03/22/2018 09:34 AM, Aki Tuomi wrote: >> I have no idea*WHY*? it is required by SOGo. It does not make sense. > > Well, the thing is: SOGo has this ability to behave like a *real* > exchange server, as if it's running on a windows server. And this > enables Outlook to connect to it like it would to an exchange server. > (so: not in imap mode, and not using regular username/password > authentication) > > Normally, SOGo simply reuses the provided username/password to connect > to the imap server, but in the above scenario, these are not available. > > The same goes for a SAML2 authenticated SOGo webmail logon. > > In these scenarios, SOGo uses the 127.0.0.1 connection, to logon to > imap. Since it does know the username. > > I guess a better solution would be for SOGo to be able to do > 'transformations' to the username/password, to change the regular > username/unknownpassword into username*master/masterpassword, and get > rid of the 127.0.0.1 passwordless listener. > > Right? > > But SOGo doesn't do that. (afaik) > > MJI would recommend using master password (that is, replace nopassword=y with password=staticpassword). I know that from localhost perspective this isn't much different, but it will reduce accidents. Aki
On 03/22/2018 09:56 AM, Aki Tuomi wrote:> I would recommend using master password (that is, replace nopassword=y > with password=staticpassword). I know that from localhost perspective > this isn't much different, but it will reduce accidents.ok, I'll see if I can get the SOGo developers attention on this. :-) MJ