[p4] Perforce passwords

Mohsin Saleem Khan MKhan at LMKR.COM
Wed Nov 15 22:09:47 PST 2006


I do not find p4 login, I tried p4 help login and no result. I guess p4 
passwd is used to change the password, with -P option you can provide new 
password

Regards

Mohsin Saleem Khan






"Russell C. Jackson" <rusty at rcjacksonconsulting.com> 
Sent by: perforce-user-bounces at perforce.com
11/16/2006 10:36 AM

To
David Alban <dalban at stubhub.com>
cc
perforce-user at perforce.com
Subject
Re: [p4] Perforce passwords






You can pass the password on the command line with p4 -P password, or 
you can run p4 login and enter your password. The login ticket will 
remain valid for the longest length of time the Timeout value is set to 
in any group that you belong to. If you put the super user in it's own 
group and set the timeout to 0, the login ticket will remain valid 
forever, and you will never have to enter the password again on that 
machine.

Thanks,
Rusty

--------------------------------------------------
RCJackson Consulting
Perforce Consulting Partner and Certified Trainer
--------------------------------------------------
rusty at rcjacksonconsulting.com
http://www.rcjacksonconsulting.com
tel:      479-696-9710
fax:      479-967-0963
mobile:   479-747-3845
--------------------------------------------------




David Alban wrote:
> Greetings,
>
> As soon as I realized that user foo could log into perforce as user bar
> and vice versa, of course I wanted perforce passwords to be used.
> Especially for any perforce user who has super rights.
>
> As soon as I set a password for user perforce, I could no longer execute
> p4 commands from the command line without getting the complaint:
>
>     Perforce password (P4PASSWD) invalid or unset.
>
> I figured out that user perforce could indeed execute command lines if
> its password was in the environment.
>
> Yet I didn't want to execute this on the command line:
>
>   export P4PASSWD=somepasswd
>
> because I didn't want the password to show up in my .bash_history file.
> So now when I want to run a command from the command line, I put the
> following in a file:
>
>   export P4PASSWD=somepasswd
>   p4 some command ...
>
> I then execute the file and subsequently delete it.
>
> Can perforce be directed to prompt me for a password on the command
> line?  Or be made to look for it on stdin?  gpg, for example, has the
> option:
>
>      --passphrase-fd n       Read the passphrase from file descriptor n.
>
> If you specify "--passphrase-fd 0" gpg will look for the passphrase on
> stdin.
>
> I'm looking for a way to do command line commands without having the
> password show up in a command history, in the process table, or in a
> file.
>
> Also, now my p4d init script can no longer stop p4d because of the same
> issue.  I was simply calling p4 admin stop.  It seems my options are
> now:
>
> 1.  Include an "export P4PASSWD=..." line in the init script before the
>     call to p4 admin stop
>
> 2.  Write a script, say "p4-admin-stop" (below) and have the init script
>     call it when it wants to stop the perforce server.
>
>   #!/bin/bash
>
>   # THIS FILE NEEDS *NOT* TO BE READABLE BY ANY USERS UNLESS THEY SHOULD
>   # KNOW THE PERFORCE USER PASSWORD, WHICH IS BELOW!
>
>   export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
>
>   server_user=perforce
>   server_user_passwd=somepasswd
>
>   [[ $( id -un ) !=  "$server_user" ]] && {
>     echo 1>&2 "${0##*/}: must be user '$server_user' to run $0"
>     exit 255
>   }
>
>   export P4PASSWD="$server_user_passwd"
>   p4 admin stop
>
> (The init script would su to perforce before it would run this.)
>
> If p4 had some kind of --passwd-fd or similar option (maybe even a
> --get-pw-from-file option?), I could at least prompt the user for the
> password if the init script was run interactively.
>
> How do other folks deal with this?  I really am squeamish about having
> the password of a perforce user that has super writes in a command
> history file, in a script, or in the process table.
>
> Is my understanding of the way passwords work correct?
>
> Thanks,
> David
> 
_______________________________________________
perforce-user mailing list  -  perforce-user at perforce.com
http://maillist.perforce.com/mailman/listinfo/perforce-user




More information about the perforce-user mailing list