[p4] Triggers and best practice authentication from scripts

Finn Normann Pedersen merenpha at gmail.com
Thu Nov 30 05:12:15 PST 2006


Hi Stephen,

He he ... agree on paranoid defensive programming, but however in this
case when you add the auth-check trigger, the entire authentication
system is hooked to an external program, which means that if my
external program doesnt work for some reason (LDAP down, moved,
reconfigured DN,CN) I cannot access the P4 database and remove or
alter the trigger.

That was why I asked if there was another way to remove the trigger,
other than "p4 triggers".

Regards,
  Finn



On 11/30/06, Stephen Vance <steve at vance.com> wrote:
>
>  Just implicitly by removing or replacing the trigger script.
>
>  I'd just advocate paranoid levels of defensive programming.
>
>  Steve
>
>
>  Finn Normann Pedersen wrote:
>  Thanks for all the nice replies !
>
> A related question on triggers - can you (somehow) remove triggers
> without access from a super account, e.g. directly from the server.
> While auth-check features are nice, script errors kinda lock up access
> to P4!?
>
> (and yes, I do use a test server while jinxing these scripts)
>
> Cheers,
>  Finn
>
>
> Matthew Janulewicz wrote:
>
>
>  I believe this is true.
>
> When I take my laptop home and log in through our VPN, I get asked to
> log in again. When I come back to work, I log in a second (third,
> really) time.
>
> I don't believe I have a static IP address at work, though. Perhaps it
> has something to do with hostname? Or maybe I'm just nuts?
>
>
> -Matt
>
>
> -----Original Message-----
> From: Greg Whitfield [mailto:g.whitfield at computer.org]
> Sent: Wednesday, November 29, 2006 1:06 PM
> To: 'Tetlow, Gordon'; 'Elkins, Mark'; 'Finn Normann Pedersen'
> Cc: perforce-user at perforce.com
> Subject: Re: [p4] Triggers and best practice authentication from scripts
>
> I may be wrong on this, but I have a vague recollection that the ticket
> gets
> reset if you login from another IP address as the same user. If this
> happened then the trigger would start to fail until you did another p4
> login
> from the machine upon which the triggers were executing.
>
> Worth checking, and perhaps enforcing with the protections table to only
> allow your background user account access from a single IP address.
>
> Greg
> ~~~~
>
>
>
>
> -----Original Message-----
> From: perforce-user-bounces at perforce.com
> [mailto:perforce-user-bounces at perforce.com] On Behalf Of
> Tetlow, Gordon
> Sent: 29 November 2006 20:02
> To: Elkins, Mark; Finn Normann Pedersen
> Cc: perforce-user at perforce.com
> Subject: Re: [p4] Triggers and best practice authentication from scripts
>
> Security level is meaningless when you have an auth trigger.
>
> You *must* use 'p4 login' when you have an auth trigger. Using p4 -P
> mypass
> doesn't work anymore.
>
> I would recommend you run your triggers as a background user with a
> really
> long timeout. Just add the user to a group with a timeout of 0 and you
> should be set until 2038 or so.
>
> -gordon
>
>
>  _______________________________________________
> perforce-user mailing list - perforce-user at perforce.com
> http://maillist.perforce.com/mailman/listinfo/perforce-user
>
>
>



More information about the perforce-user mailing list