Triggers and Passwords

Info & Tags

Article #:
723
Created:
04/20/07
Modified:
01/06/09
Tags:
groups, p4d, passwords, tickets, timeout, triggers

Related Articles

  1. Forgotten password
  2. Setting Up External Authentication Triggers
  3. Authentication Triggers: Example Script Details
  4. External Authentication Triggers
  5. Authentication Triggers: Active Directory Notes

TASK

Can I pass a user's password to a trigger?
How do I authenticate commands issued by that trigger?

SOLUTION

You cannot pass a specific user's password to a trigger as an argument. If your Perforce server is set to security level 2 or lower (see Chapter 3 of the Perforce System Administrator's Guide) you can have your trigger script run as the same user every time (typically a "background" user). Then, either have the server's P4PASSWD environment variable set to the background user's password, or use the -P flag to specify the password with the P4 commands issued by the script.

If you want to log the background user in, you can either use a text file containing the password: 
p4 login < password.txt
Or you can echo the password and pipe it to the login command: 
echo <password> | p4 login
A more secure method is to use ticket based authentication and a group to keep a background user "logged in" at the Perforce server:
  1. Create a group: 
    p4 group always_on
  2. Add your background user to the "Users" field.

  3. Change the timeout from the default setting (12 hours), which is set in seconds. The new value depends on the server version:

    • 2008.1 and later: Set this value to "unlimited". A timeout value of zero is no longer accepted.

    • 2005.1 to 2007.3: Set this value to zero.

    • 2004.2 and earlier: Set this to a very large value -- but not too large, as some server versions do not handle situations where the timeout is set to exceed the "Unix Epoch", which is approximately in the year 2038. A safe value is 315532800 seconds, which is about 10 years.

  4. Save the group.

  5. At the Perforce server, log the background user in: 
    p4 -u background_user login
The user now remains logged in. Since this is ticket based authentication, they remain logged in even if the server is shut down or the hardware is rebooted.

Notes:
  • The above steps only apply to scripts attempting to use p4 client commands (such as p4 admin checkpoint), rather than running a command from the Perforce Server machine. By running commands (such as p4d -jc) directly from the server, you avoid the login requirement.

  • If you use 0 (zero) or "unset" to indicate an unlimited timeout, and the background user is also a member of any other group with a limited timeout, the shorter timeout applies. In this case you can either remove the background user from those other groups, or change the unlimited timeout to the larger number.

  • A "background user" is a Perforce user account that is used solely for automated tasks, such as triggers and daemons. Perforce customers with current licenses can have an additional user added to their license file, free of charge, on request. Contact Perforce support for more information.