#52 password in ~/.davfs2/secrets doesn't work

closed-fixed
nobody
5
2006-06-01
2005-11-18
Anonymous
No

When I run mount.davfs without having a
~/.davfs2/secrets, I supply the username and password
and it works.

When I supply the password in ~/.davfs2/secrets, I get
the following output (the lines above and below with
the host name/fingerpint are left out):

If you can't verify the fingerprint the server may be
faked or there may be a man-in-the-middle-attack!
I am not a coward and accept the certificate anyway
[y,N]? y
Could not contact server:
301 Moved Permanently

I'm using version 0.2.4 on kernel 2.6.11-gentoo-r7
(thus on a gentoo system).

Discussion

  • Logged In: NO

    After some more experimenting I found out that the problem
    was that the webdav url didn't end with '/'.
    After attaching a '/' in /etc/fstab and in the secrets file
    it worked fine.

    You might want to warn users for this behavior in the manual
    page.

     
  • Werner Baumann
    Werner Baumann
    2005-11-21

    Logged In: YES
    user_id=1260327

    Thanks for the hint.
    I have changed the code to handle urls with and without
    trailing slash. At the moment it is only in CVS, but will be
    included in future releases.

    Werner

     
  • Logged In: NO

    Hello,

    I have a similar problem :

    if i try to mount an URL without trailing /
    my dav server ( apache + mod_dav ) complain
    with 301 Moved Permanently, ( the data sent by
    mount.davfs are OK, it is a problem of my dav
    server ! )

    to bypass this problem i have to use trailing
    slash in the URL, but in this case mount.davfs do
    not send the good authentication, ( i have spied
    with ethereal, and i can see that the authentication
    string contain garbage )

    the only difference is the trailing /, secrets and
    davfs2.conf are identical.

    I was previouly using 0.2.3 without problem !

    Best Regards ( d.roche@lectra.com )

     
  • Daniel Roche
    Daniel Roche
    2005-12-20

    Logged In: YES
    user_id=28417

    Sorry ,

    in the previous comment, i have just forgotten to say
    i am using version 0.2.6 , the binary package for 2.6
    kernel ( fedora core 4 )

    Best Regards

     
  • Werner Baumann
    Werner Baumann
    2005-12-21

    Logged In: YES
    user_id=1260327

    There is a bug in davfs2, so urls must have a trailing /
    Are you sure, you have this trailing / in the secrets file
    as well? And even in /etc/fstab?

    The authentication string you see with ethereal should look
    like garbage. Webdav servers usually use Digest
    Authentication and the password is not sent in clear, and
    not even md5 encrypted.

    A '301 Moved Permanently' usually indicates a problem with
    the url. If you have spaces in your url please see the man page.

    Werner

    P-S.: The trailing slash bug is fixed in CVS. But you will
    have to compile davfs2 yourself to use it.

     
  • Daniel Roche
    Daniel Roche
    2005-12-22

    Logged In: YES
    user_id=28417

    Thank you for your response,

    i had forgotten the trailing slash in the secrets file,
    i works now !

    PS 1:
    i have tried to compile myself ( the 0.2.6 not the cvs )
    but on fedora 4 it complaint that :
    /usr/src/linux/include/linux/config.h:6:2: error: #error
    including kernel header in userspace; use the glibc headers
    instead!

    since i can get the binary version i have not investigated
    further, any idea about it ?

    PS 2:
    i used (version 0.2.3) to let several users on my systems
    use the same dav mount, i found very annoying that it is no
    longer possible.
    I know it may lead to security problem, but i am in intranet
    environment, and i know what i am doing...
    so is it possible to bring back to uid, gid and umask options ?

    Best Regards

     
  • Logged In: NO

    Hello,

    > PS1:
    Concerning problems with kernel headers, please see
    http://sourceforge.net/mailarchive/forum.php?thread_id=9120946&forum_id=1351

    > PS2:
    From 0.2.3 to 0.2.4 we fixed (quick an dirty) security
    problems on the cost of severe restrictions.
    I am working on a new version that will include posix file
    permissions, to remove this restrictions without security
    risks. You will find it in CVS, branch select-coda-version.
    You may test and send me error reports. But it is far from
    ready for production use.

    So, at the moment you must decide:
    - use 0.2.6 to be secure, or
    - use 0.2.3 if you don't like the restrictions and work in a
    secure environment.

    (BTW: In a LAN environment I would prefer samba or nfs. In
    my opinion you need davfs2 if you want to access files from
    geographically different locations via internet.)

    Greetings
    Werner

     
  • Logged In: NO

    the davfs2 version on gentoo is broken

    he mount.davfs doesnt search in ~/.davfs2/secrets or
    /etc/screts.

    if you build davfs2 with USE="debug" you see where davfs
    look for config files

     
  • Werner Baumann
    Werner Baumann
    2006-01-26

    Logged In: YES
    user_id=1260327

    As I don't have a gentoo system, I need your debugging
    output to see anything. Please also send the output of the
    command "/sbin/mount.davfs -V" to know the version of davfs2.

    Werner

     
  • Werner Baumann
    Werner Baumann
    2006-06-01

    • status: open --> closed-fixed