[p4] scripting with ticket-based authentication?

Vaden, Paul pvaden at midway.com
Wed Oct 12 09:02:29 PDT 2005


Hey Jeff,

I recently migrated some servers and created a automated user in it's
own group for checkpointing and such. Previously I had been setting the
expiration to 999999999 to avoid the issue described in the original
post. After seeing this post I set the expiration to 0 to avoid any
surprises 999999999 seconds from now (yeah, I know, it's like 31 years
or something). However, after issuing the p4 login command it says the
ticket will expire in 11 hours 59 minutes.

I'm running 2005.1, and the same behavior happened on both of the
servers I tried it on.

Has anyone else seen this?

-V

-----Original Message-----
From: perforce-user-bounces at perforce.com
[mailto:perforce-user-bounces at perforce.com] On Behalf Of Jeff Grills
Sent: Thursday, October 06, 2005 2:27 PM
To: John.Davis at sophos.com; perforce-user at perforce.com
Cc: Amanda.Culver at sophos.com
Subject: RE: [p4] scripting with ticket-based authentication?


I've been in this exact situation before.  Perforce ticket expiration
times
are based on groups, and users in multiple groups get the longest
timeout of
any of the groups.  You can also set the timeout for a group to be 0,
indicating that the ticket never expires.  We dedicated a perforce
license
for the automated scripts (you should be able to get a free license for
an
automated user from perforce - just ask!).  We then put that automated
user
in a group consisting of only themselves and gave that group a ticket
timeout of 0.  Then we just simply issued a single "p4 login" on the
automated machine to get a ticket that will never expire.  After that,
the
password for the automated user is no longer needed for anything.  The
automated scripts never have to deal with embedded passwords or anything
else - the ticket always works.

Your IT department may want to set up the automated perforce user and
issue
the "p4 login" for you, which means they never need to worry about
anyone
else abusing that account's privileged ticket expiration.  In our case,
the
automated machine was running UNIX, and we had a dedicated UNIX account
for
the automation as well.  Users who needed access to the automated
account
were given sudo access to that user, which can be managed by your IT
department as well.

I think the solution is reasonably straight forward and secure.  Most
any IT
department will be okay with this solution as well, but if they're not,
I'd
ask them to propose another solution that meets your goals as well as
theirs.

j

-----Original Message-----
From: perforce-user-bounces at perforce.com
[mailto:perforce-user-bounces at perforce.com] On Behalf Of
John.Davis at sophos.com
Sent: Thursday, October 06, 2005 8:21 AM
To: perforce-user at perforce.com
Cc: Amanda.Culver at sophos.com
Subject: [p4] scripting with ticket-based authentication?

We are using the Perforce ticket-based authentication system
(security level 3). Our IT department has deciden on a policy of
12-hour ticket expiry, which is acceptable (with some grumbles).

We have several automated scripts, though, and I can't figure
out the best way to run these without hitting problems with
ticket expiry. Is it possible to write scripts which can login
automatically? Obviously I'd rather not have plain text
passwords in scripts, or anything obviously insecure.
How do you guys manage this sort of thing?

Our environment is mixed Unix and Windows, so solutions
on either platform may be helpful. Oh, and we're using 2005.1.

Thanks!

        John


_______________________________________________
perforce-user mailing list  -  perforce-user at perforce.com
http://maillist.perforce.com/mailman/listinfo/perforce-user

_______________________________________________
perforce-user mailing list  -  perforce-user at perforce.com
http://maillist.perforce.com/mailman/listinfo/perforce-user





More information about the perforce-user mailing list