I have seen two separate examples of users having access to another user's resources via WebDAV and Sakai.
First, on collab:
Second, on our own installation:
We have enabled RemoteUser, and I don't know how the DavServlet is handling/caching information (IP, username, etc.?). Basically, the scenario is this:
user1 logs into Sakai
user1 connects to WebDAV, authenticates, and sees their information.
user1 closes network places (Windows), but stays logged into Sakai
user2 logs into Sakai
user2 tries WebDAV, and enters user1 username and fake password
user2 can see user1 information.
I wouldn't think remoteuser enabling should cause this, however I am not certain? I will attempt further to repeat this without container auth set
I just wanted to log this before I forget.