[p4] scripting with ticket-based authentication?
jgrills at junctionpoint.com
Thu Oct 6 12:26:38 PDT 2005
I've been in this exact situation before. Perforce ticket expiration times
are based on groups, and users in multiple groups get the longest timeout of
any of the groups. You can also set the timeout for a group to be 0,
indicating that the ticket never expires. We dedicated a perforce license
for the automated scripts (you should be able to get a free license for an
automated user from perforce - just ask!). We then put that automated user
in a group consisting of only themselves and gave that group a ticket
timeout of 0. Then we just simply issued a single "p4 login" on the
automated machine to get a ticket that will never expire. After that, the
password for the automated user is no longer needed for anything. The
automated scripts never have to deal with embedded passwords or anything
else - the ticket always works.
Your IT department may want to set up the automated perforce user and issue
the "p4 login" for you, which means they never need to worry about anyone
else abusing that account's privileged ticket expiration. In our case, the
automated machine was running UNIX, and we had a dedicated UNIX account for
the automation as well. Users who needed access to the automated account
were given sudo access to that user, which can be managed by your IT
department as well.
I think the solution is reasonably straight forward and secure. Most any IT
department will be okay with this solution as well, but if they're not, I'd
ask them to propose another solution that meets your goals as well as
From: perforce-user-bounces at perforce.com
[mailto:perforce-user-bounces at perforce.com] On Behalf Of
John.Davis at sophos.com
Sent: Thursday, October 06, 2005 8:21 AM
To: perforce-user at perforce.com
Cc: Amanda.Culver at sophos.com
Subject: [p4] scripting with ticket-based authentication?
We are using the Perforce ticket-based authentication system
(security level 3). Our IT department has deciden on a policy of
12-hour ticket expiry, which is acceptable (with some grumbles).
We have several automated scripts, though, and I can't figure
out the best way to run these without hitting problems with
ticket expiry. Is it possible to write scripts which can login
automatically? Obviously I'd rather not have plain text
passwords in scripts, or anything obviously insecure.
How do you guys manage this sort of thing?
Our environment is mixed Unix and Windows, so solutions
on either platform may be helpful. Oh, and we're using 2005.1.
perforce-user mailing list - perforce-user at perforce.com
More information about the perforce-user