External Authentication Triggers

This section describes how to use authentication triggers with Perforce to use a centralized authentication server (for example, LDAP) to handle Perforce validation. Before you can use external authentication you will need:
  • Perforce Server 2005.2 or later.
  • Installed authentication trigger(s) (by way of p4 triggers).
External authentication in Perforce is implemented as a server side trigger, auth-check. When added to the triggers table and the server is restarted, auth-check triggers take over all authentication functionality for the Perforce server -- the previous P4 authentication functions are unavailable.

The flow of control for authentication is:
  1. A Perforce user initiates a login to Perforce. They enter their password, which is sent encrypted to the Perforce server.

  2. Perforce launches the installed auth-check trigger, passing the user name and password as arguments.

  3. The trigger runs, using the supplied user and password arguments to communicate to an authentication server.

  4. The authentication server responds to the trigger, which is responsible for determining if the response is adequate to allow access to the Perforce server (the trigger returns 0), or if access should be denied (the trigger returns 1).
While authentication functionality is given to an external system, user name verification still occurs against the Perforce server -- that is, the user account must exist on the Perforce server for external authentication to work.

Note: If the super users on the Perforce server cannot be authenticated against the authentication server, many Perforce administrative tasks, including access to the p4 triggers command, will be lost. Contact Perforce Support if you lose super user access to your server.

To configure External Authentication, read KB Article #74: Setting up External Authentication Triggers.

Articles

Authentication Triggers: Active Directory Notes SUMMARY: This article discusses potential problems and their workarounds when configuring an external authentication trigger to work with Active Directory servers. DETAILS: ORGANIZATIONAL UNITS:...
Authentication Triggers: Compiling the Examples TASK: What do I need to compile the LDAP trigger examples? What are the dependencies? DETAILS: PERL (REQUIRED FOR ...
Authentication Triggers: Example Script Details SUMMARY: There are several trigger examples available in KB Article 74, "Setting Up External Authentication Triggers." This article provides additional technical informa...
Authentication Triggers: Troubleshooting SUMMARY: Since authentication triggers can limit all access, including the super user's, it is possible to completely lock all access to the server. This article describes how to restore access&...

About This Page

Info & Tags

Article #:
449
Created:
12/20/05
Modified:
10/22/12
Tags:
authentication, external, triggers

Related Articles