On Tue, Oct 04, 2011 at 12:19:59PM +0200, Michael J Gruber wrote: > But Git calls the askpass helper with a command line like > /usr/bin/ksshaskpass Username for 'bitbucket.org': > and once again with > /usr/bin/ksshaskpass Password for 'bitbucket.org': > So far so good. > > But when asked to store the credentials in the KDE wallet, ksshaskpass > tries (too) hard to guess a good key from that line. And for both > invocations, it comes up with the same key (the URL), so that when the > password info is needed, the username info from the wallet is returned. > Authentication fails. > Far from good. Neat. I didn't know ksshaskpass would do that. I wondered for a minute if all of the credential helper stuff could have gone through the askpass interface. But I don't think so. One problem is that the askpass interface only lets us ask for one thing at a time. So even with your clever hack, it will end up storing two separate keys: Username@host and Password@host. But it has no idea they're connected. So if you store "user1 / pass1", then try to push to "user2@host", we would silently use the password for user1. On top of that, there isn't much contextual information. I guess they assumed the guessing would be used for "ssh". But it means that a stored ssh password could potentially be used for git, and vice versa. I guess you could get around that by making the host field longer and more descriptive (i.e., a full url). -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html