Cached token should be invalidated immediately if server rejects it.

[vitaliyf]

When --make-token is used a token is stored in ~/.peppercache with an expiration time. However, it's possible that server will expire this token sooner for some reason (we found that restarting salt-api process does that). In this case, user gets stuck with perpetual "access denied" errors due to now invalid token.

Instead, pepper should immediately expire saved token if server rejects it and ask for password again.

[whiteinge]

Agreed. Thanks for filing this.

[ggiesen]

Also hitting this. Doesn't make for a great user experience, especially for less technical users.