Just replying to my own post:
On 12/02/2016 11:01 PM, mj (li...@merit.unu.edu) wrote:
It appears that sogo is not trying to authenticate at all?
Using tcpflow I can tell that SOGo IS actually trying to authenticate,
like this:
1 login "username"
"eF7VVm1vmzAQ/iuI77wY8kJQEy1t2inSukpJVU37UhlzJN7AjmyzZPv1Owfgkdjfkgkfldlkfjg9jQNMvaNZMm7RvifC/Pc/ecfaFpkcdTrUEZLoW1K3Kh4+rn2C6ViCXVXMeCFqBjw+Ll9PZDHLh+TFsPu3ERmozttTGb2PO22627DV2pVl7g+8T7dPthydZQUIcLbahgYFsPoDQmHNsYzbbms7E9nz32B8kIEuY7oxFETi8bpE6U9MAZjiiLUiABzdB1rnUJ8zqSQX+fDBwSOH54T6I49GPiu2Q4+GxPLmps9Wk1qUrTWBtP3QIUN24pShfS0qOlWXsKaF5or7ZceId++yDLMvkCzDQhPyId85l1I1VBsYLf8URcUjPHUyerj8al0BtgPOOQ2pM1lBsuvjbp9jGbBE26KykyXjlWnbkFs5bpy11hRZwAVaBa8CcCzaih1kdp7sSdmmYG1C8U9mM/2lNoLbDaDYeK55ZALVcyPOJwefde1qwFjuYrIYWzkdpgp8QC9EYKDfdybD/eDC9JQAbX08tr0huSYBDOZv3+VUD6/evQJ4HtTRo2TtR9ZGqYQopSXvGjK0yXgETDiZnoAL0InHTAm+jTMkXwDBCFUZxVeY4s9VzhWL3CSgGGpkh8A6+N22I6mWc/hk8Au8xmLZaGGiiwL9YUx1e8LgZrCbrS21yksBvbgzDssWGUOQFLe04vooDwoscmtAwGpIBBEHYzlCdAcswsGsFcPjrKsddsIBs8uK6YDGrzuEWOdBAx8ZTgi7aCdsTW4cMtLQY7FBSGuioOTZYlcRQPzy16X5FuvOYxaSbgTsOK2daNwKNL8+z4edokyJkthqoMdaW05DzQvwcLtGJvvGzy+w+"
This incredibly long password (I actually quoted it shortened above
here) is (I guess) what makes dovecot choke, with
Dec 02 22:34:33 imap-login: Info: Disconnected: Input buffer full (no
auth attempts in 0 secs): user=<>, rip=x.y.z.32, lip=x.y.z.68,
session=
and
BYE Input buffer full, aborting
It would be so nice if we could re-use the password-less OpenChange imap
listener on 127.0.0.1/32 also for SAML access.
I'm not sure what that long string of characters is, but could SOGo
somehow be configured to send a shorter password? I'm guessing that this
is all that's needed to make this work.
MJ
--
users@sogo.nu
https://inverse.ca/sogo/lists