When the user that has been validated against the external database is created by the plugin (calling wp_insert_user) the process will fail if an email address has *not* been retrieved from the external db.
This is because wp_insert_user creates a blank email address at line 140 in the absence of one from the db. If there are other blank emails in WP the "email already exists" check will then fail and hence the login.
The safest way to fix this appears to me to be to force the reading of an email address from the external db (in my case drupal)
Thanks for a very useful plugin though