Invalid sshkeys cache entries when the sshUserName changes
Currently the sshUserName property of an account, which also is the
key into the sshkeys cache, is tied to the account's preferred email
address. If the preferred email address changes, the sshUserName
might have changed, and we may need to flush the cache to ensure that
a prior negative cache entry (such as from a failed login attempt) is
cleared out and can honor the user's current keys.
This fixes a situation I had to troubleshoot today where the user was
getting denied at `repo upload` as their preferred email address (and
hence sshUserName) did not match the value set in user.email in the
local .git/config, so `repo upload` caused a negative cache entry for
that name to be inserted into the sshkeys cache. When the user
updated their preferred email address to match user.email, the
negative cache entry was still hung, denying login attempts until the
user deleted and readded the same public key again.
Signed-off-by: Shawn O. Pearce <sop@google.com>
1 file changed
