[p4] scripting with ticket-based authentication?

Stephen Vance steve at vance.com
Wed Oct 12 13:01:42 PDT 2005


I haven't seen this, but in general your expiration time is the 
MAXIMUM of the time for all of your group memberships. I wonder if 0 
is not treated as a special case in that computation. If you look at 
all the groups you belong to, what is the maximum value? I would 
report this as a bug to support if you determine this to be the cause.

Steve

At 12:02 PM 10/12/2005, Vaden, Paul wrote:
>Hey Jeff,
>
>I recently migrated some servers and created a automated user in it's
>own group for checkpointing and such. Previously I had been setting the
>expiration to 999999999 to avoid the issue described in the original
>post. After seeing this post I set the expiration to 0 to avoid any
>surprises 999999999 seconds from now (yeah, I know, it's like 31 years
>or something). However, after issuing the p4 login command it says the
>ticket will expire in 11 hours 59 minutes.
>
>I'm running 2005.1, and the same behavior happened on both of the
>servers I tried it on.
>
>Has anyone else seen this?
>
>-V
>
>-----Original Message-----
>From: perforce-user-bounces at perforce.com
>[mailto:perforce-user-bounces at perforce.com] On Behalf Of Jeff Grills
>Sent: Thursday, October 06, 2005 2:27 PM
>To: John.Davis at sophos.com; perforce-user at perforce.com
>Cc: Amanda.Culver at sophos.com
>Subject: RE: [p4] scripting with ticket-based authentication?
>
>
>I've been in this exact situation before.  Perforce ticket expiration
>times
>are based on groups, and users in multiple groups get the longest
>timeout of
>any of the groups.  You can also set the timeout for a group to be 0,
>indicating that the ticket never expires.  We dedicated a perforce
>license
>for the automated scripts (you should be able to get a free license for
>an
>automated user from perforce - just ask!).  We then put that automated
>user
>in a group consisting of only themselves and gave that group a ticket
>timeout of 0.  Then we just simply issued a single "p4 login" on the
>automated machine to get a ticket that will never expire.  After that,
>the
>password for the automated user is no longer needed for anything.  The
>automated scripts never have to deal with embedded passwords or anything
>else - the ticket always works.
>
>Your IT department may want to set up the automated perforce user and
>issue
>the "p4 login" for you, which means they never need to worry about
>anyone
>else abusing that account's privileged ticket expiration.  In our case,
>the
>automated machine was running UNIX, and we had a dedicated UNIX account
>for
>the automation as well.  Users who needed access to the automated
>account
>were given sudo access to that user, which can be managed by your IT
>department as well.
>
>I think the solution is reasonably straight forward and secure.  Most
>any IT
>department will be okay with this solution as well, but if they're not,
>I'd
>ask them to propose another solution that meets your goals as well as
>theirs.
>
>j
>
>-----Original Message-----
>From: perforce-user-bounces at perforce.com
>[mailto:perforce-user-bounces at perforce.com] On Behalf Of
>John.Davis at sophos.com
>Sent: Thursday, October 06, 2005 8:21 AM
>To: perforce-user at perforce.com
>Cc: Amanda.Culver at sophos.com
>Subject: [p4] scripting with ticket-based authentication?
>
>We are using the Perforce ticket-based authentication system
>(security level 3). Our IT department has deciden on a policy of
>12-hour ticket expiry, which is acceptable (with some grumbles).
>
>We have several automated scripts, though, and I can't figure
>out the best way to run these without hitting problems with
>ticket expiry. Is it possible to write scripts which can login
>automatically? Obviously I'd rather not have plain text
>passwords in scripts, or anything obviously insecure.
>How do you guys manage this sort of thing?
>
>Our environment is mixed Unix and Windows, so solutions
>on either platform may be helpful. Oh, and we're using 2005.1.
>
>Thanks!
>
>         John
>
>
>_______________________________________________
>perforce-user mailing list  -  perforce-user at perforce.com
>http://maillist.perforce.com/mailman/listinfo/perforce-user
>
>_______________________________________________
>perforce-user mailing list  -  perforce-user at perforce.com
>http://maillist.perforce.com/mailman/listinfo/perforce-user
>
>
>_______________________________________________
>perforce-user mailing list  -  perforce-user at perforce.com
>http://maillist.perforce.com/mailman/listinfo/perforce-user

Stephen Vance
mailto:steve at vance.com
http://www.vance.com/




More information about the perforce-user mailing list