Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Account lockouts due to authentication failures on closed projects

Stephen Oberholtzer
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
February 17, 2022

SourceTree does not appear to properly keep track of authentication failures, and will retry indefinitely, which will eventually cause the user's account to be locked out.  (This is especially insidious when the account in question is a domain account, because it can prevent the user from e.g. connecting to a ticketing system to request assistance with the lockout.  Or logging into the workstation where SourceTree is running in order to terminate it.)

This problem has been noted elsewhere (but read on; I have new information):

https://community.atlassian.com/t5/Sourcetree-questions/User-account-getting-locked/qaq-p/1502118

https://community.atlassian.com/t5/Sourcetree-questions/Account-Lockouts/qaq-p/1062928

 

Looking at the Process Log (Process Viewer in the Tools menu) shows two curious things:

1. Repeated `git fetch` invocations with Caller Context = "GetFetchProcesses".

These all have the same output:

   fatal: Cannot prompt because user interactivity has been disabled.
   fatal: Authentication failed for 'https://our-local-bitbucket-server/scm/plat/repo.git'

This suggests that GetFetchProcesses -- or whatever invokes it -- is failing to track that the authentication request failed, and suppressing automatic fetches afterwards.  This is exacerbated by the following problem:

 

2. I see `git fetch` invocations for _dozens_ of projects that I don't even have open!

SourceTree seems to be automatically issuing fetch calls for repositories that have been used in the past, even they are not currently open.

This means that if stale credentials are stored for _any_ repository that SourceTree knows about, SourceTree will eventually trigger a lockout on that account.

 

0 comments

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events