Re: [RFC PATCH v1] http: add http.keepRejectedCredentials config
- Date: Fri, 8 Jun 2018 01:47:45 -0400
- From: Jeff King <peff@xxxxxxxx>
- Subject: Re: [RFC PATCH v1] http: add http.keepRejectedCredentials config
On Thu, Jun 07, 2018 at 08:15:16PM -0700, Lars Schneider wrote:
> > In fact, this patch probably should give the user some advice in that
> > regard (either in the documentation, or as a warning when we skip the
> > rejection). If you _do_ have a bogus credential and set the new option,
> > you'd need to reject it manually (you can do it with "git credential
> > reject", but it's probably easier to just unset the option temporarily
> > and re-invoke the original command).
> I like the advice idea very much!
> How about this?
> $ git fetch
> hint: Git has stored invalid credentials.
> hint: Reject them with 'git credential reject' or
> hint: disable the Git config 'http.keepRejectedCredentials'.
> remote: Invalid username or password.
> fatal: Authentication failed for 'https://server.com/myrepo.git/'
> I am not really sure about the grammar :-)
It's probably not worth pointing the user at "git credential reject",
since it's not really meant to be friendly to users. In particular, you
have to speak the credential protocol on stdin.
echo https://server.com/myrepo.git | git credential reject
might be enough, but I didn't test. Probably better advice is to just
repeat the command. Maybe:
hint: Git kept invalid credentials due to the value of
hint: http.keepRejectedCredentials. If you wish to drop these
hint: credentials and be prompted for new ones, re-run your
hint: command with "git -c http.keepRejectedCredentials=false".