Gitolite-sshkey-form is a simple web application that allows users to submit their ssh public keys directly to gitolite. While this can simplify public key distribution, an administrator still has to give users access rights through gitolite-admin.conf.
The update.authenticate.sh hook can be used to authenticate users that gitolite has authorized. Once a user has associated their alias (eg. johndoe) with an identity (eg. John Doe < jdoe@email >) the hook will compare that identity against the committer field of all commit object that the user is attempting to push. In pseudo-code:
identity = < fetch gitolite-sshkey-form/get-identity/johndoe >
revisions = < list of revisions that we're trying to push >
for revision in revisions:
committer = < get committer for revision >
if identity is not committer: complain()
If you wish to disable this functionality, set ENABLE_IDENTITIES to False in the configuration file. This would remove the /set-identity, /get-identity paths, as well as the identity text input from the index view.
Since gitolite-sshkey-form needs a REMOTE_USER to be set by your application server, you most likely already have a better service against which to authenticate commits (centralized authentication). The described functionality might be useful if your authentication backend does not contain all the necessary information (full name, email) or in cases where it is easier to manage your git identity separately.