Triggers and Passwords

Info & Tags

Article #:
723
Created:
04/20/07
Modified:
06/07/10
Tags:
groups, p4d, passwords, tickets, timeout, triggers

Related Articles

  1. P4Web and External Authentication Triggers
  2. Securing Your Perforce Server
  3. External Authentication Triggers
  4. Forgotten password
  5. Authentication Triggers: Example Script Details

TASK

Can I pass a user's password to a trigger?

How do I authenticate commands issued by that trigger?


SOLUTION

You cannot pass a specific user's password to a trigger as an argument. If your Perforce server is set to security level 2 or lower (see Chapter 3 of the Perforce System Administrator's Guide) you can have your trigger script run as the same user every time (typically a "background" user). Then, either have the server's P4PASSWD environment variable set to the background user's password, or use the -P flag to specify the password with the P4 commands issued by the script.

You can echo the password and pipe it to the login command. Note that there is no space between the password and the pipe symbol. 
echo <password>| p4 login
If you do not want to place a password in the script, you can use a text file containing the password. Make sure this password file has appropriate read and write privileges. 
p4 login < password.txt
A more secure method is to use ticket based authentication and a group to keep a background user "logged in" at the Perforce server:
  1. Create a group: 
    p4 group always_on
  2. Add your background user to the "Users" field.

  3. Change the timeout from the default setting (12 hours), which is set in seconds. The new value depends on the server version:

    • 2008.1 and later: Set this value to "unlimited". A timeout value of zero is no longer accepted.

    • 2005.1 to 2007.3: Set this value to zero.

    • 2004.2 and earlier: Set this to a very large value -- but not too large, as some server versions do not handle situations where the timeout is set to exceed the "Unix Epoch", which is approximately in the year 2038. A safe value is 315532800 seconds, which is about 10 years.

  4. Save the group.

  5. In your trigger script, log the background user in and run the trigger once. 
    echo password| p4 -p server:port -u username login
  6. If the trigger runs properly, you can remove the password line.

    The user now remains logged in. Since this is ticket based authentication, they remain logged in even if the server is shut down or the hardware is rebooted.
If you have difficulties, add debugging lines to your trigger script. The p4 tickets command will show the contents of the ticket file. The p4 login -s command will show the expiration time. 
p4 -u username -p server:port info
p4 -u username -p server:port tickets
p4 -u username -p server:port login -s 2>&1
On Windows, the Perforce trigger authenticates against the p4tickets.txt file. The p4tickets.txt file is usually located in C:\Documents and Settings\LocalService. If you would like to change this, run 

p4 set -s P4TICKETS=c:\p4tickets.txt

where c:\p4tickets.txt is a file and location you specify.

On Unix, the Perforce trigger authenticates against the .p4tickets file.

Notes:
  • The above steps only apply to scripts attempting to use p4 client commands (such as p4 admin checkpoint), rather than running a command from the Perforce Server machine. By running commands (such as p4d -jc) directly from the server, you avoid the login requirement.

  • If you use 0 (zero), "unset," or "unlimited" to indicate an unlimited timeout, and the background user is also a member of any other group with a limited timeout, the shorter timeout applies. In this case you can either remove the background user from those other groups, or change the unlimited timeout to the larger number.

  • A "background user" is a Perforce user account that is used solely for automated tasks, such as triggers and daemons. Perforce customers with current licenses can request an additional user added to their license file, free of charge. Contact Perforce support for more information.