Re: [RFC PATCH v1] http: add http.keepRejectedCredentials config
- Date: Thu, 7 Jun 2018 20:15:16 -0700
- From: Lars Schneider <larsxschneider@xxxxxxxxx>
- Subject: Re: [RFC PATCH v1] http: add http.keepRejectedCredentials config
> On 04 Jun 2018, at 11:55, Jeff King <peff@xxxxxxxx> wrote:
> On Mon, Jun 04, 2018 at 12:18:59PM -0400, Martin-Louis Bright wrote:
>> Why must the credentials must be deleted after receiving the 401 (or
>> any) error? What's the rationale for this?
> Because Git only tries a single credential per invocation. So if a
> helper provides one, it doesn't prompt. If you get a 401 and then the
> program aborts, invoking it again is just going to try the same
> credential over and over. Dropping the credential from the helper breaks
> out of that loop.
> In fact, this patch probably should give the user some advice in that
> regard (either in the documentation, or as a warning when we skip the
> rejection). If you _do_ have a bogus credential and set the new option,
> you'd need to reject it manually (you can do it with "git credential
> reject", but it's probably easier to just unset the option temporarily
> and re-invoke the original command).
I like the advice idea very much!
How about this?
$ git fetch
hint: Git has stored invalid credentials.
hint: Reject them with 'git credential reject' or
hint: disable the Git config 'http.keepRejectedCredentials'.
remote: Invalid username or password.
fatal: Authentication failed for 'https://server.com/myrepo.git/'
I am not really sure about the grammar :-)