Hello Matieu,

mount.davfs does not *send* login/password before verifying the server certificate.

The reason, why it asks the user in advance is: it can only ask the user, as long as it is not in daemon mode. But request from the server for credentials may come at any time.

For example: some servers don't ask for credentials when mount.davfs sends it's first OPTIONS-request. After this request, mount.davfs will change into daemon mode and is no longer able to ask the user anything. When mount.davfs does a PROPFIND-request, the server will ask for credentials.

So mount.davfs asks for credentials as part of the start-up code, when gathering configuration information; i.e. as lang as it can ask the user.

Credentials are send to the server only when asked for. With TLS/SSL this is after the TSL-connection is established.

Cheers
Werner (upstream developer)


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to