I am running TortoiseHg on Windows XP. I have the mercurial_keyring extension enabled.
Once a password is stored via the mercurial_keyring extension, is there any way to remove it?
A typical use case for this would be:
User A has no push privileges on a remote repository. User B, who is co-located, does have push privileges. User B enters his username and password on User A's machine to allow the push to happen.
How would I remove User B's credentials from User A's machine?
Win32 API calls to CredRead and CredWrite are used to save to the keyring. In other words, mercurial_keyring is saving credentials that you can manage with Windows Credential Manager (Win7), for XP it will be Run-rundll32.exe keymgr.dll, KRShowKeyMgr
From other side
Passwords are identified by the combination of username and remote address
thus, if hg-username of UserB isn't public, UserA will not get privileges escalation