[p4] Triggers and best practice authentication from scripts

Stephen Vance steve at vance.com
Thu Nov 30 07:07:39 PST 2006


Ahhhh. If we're talking about extreme measures, you can shut down the 
server, delete db.trigger and restart the server. You could do it more 
surgically by checkpointing (directly from p4d), removing the offending 
trigger line and restoring your checkpoint.

Steve

Finn Normann Pedersen wrote:
> Hi Stephen,
>
> He he ... agree on paranoid defensive programming, but however in this
> case when you add the auth-check trigger, the entire authentication
> system is hooked to an external program, which means that if my
> external program doesnt work for some reason (LDAP down, moved,
> reconfigured DN,CN) I cannot access the P4 database and remove or
> alter the trigger.
>
> That was why I asked if there was another way to remove the trigger,
> other than "p4 triggers".
>
> Regards,
>  Finn
>
>
>
> On 11/30/06, Stephen Vance <steve at vance.com> wrote:
>>
>>  Just implicitly by removing or replacing the trigger script.
>>
>>  I'd just advocate paranoid levels of defensive programming.
>>
>>  Steve
>>
>>
>>  Finn Normann Pedersen wrote:
>>  Thanks for all the nice replies !
>>
>> A related question on triggers - can you (somehow) remove triggers
>> without access from a super account, e.g. directly from the server.
>> While auth-check features are nice, script errors kinda lock up access
>> to P4!?
>>
>> (and yes, I do use a test server while jinxing these scripts)
>>
>> Cheers,
>>  Finn
>>
>>
>> Matthew Janulewicz wrote:
>>
>>
>>  I believe this is true.
>>
>> When I take my laptop home and log in through our VPN, I get asked to
>> log in again. When I come back to work, I log in a second (third,
>> really) time.
>>
>> I don't believe I have a static IP address at work, though. Perhaps it
>> has something to do with hostname? Or maybe I'm just nuts?
>>
>>
>> -Matt
>>
>>
>> -----Original Message-----
>> From: Greg Whitfield [mailto:g.whitfield at computer.org]
>> Sent: Wednesday, November 29, 2006 1:06 PM
>> To: 'Tetlow, Gordon'; 'Elkins, Mark'; 'Finn Normann Pedersen'
>> Cc: perforce-user at perforce.com
>> Subject: Re: [p4] Triggers and best practice authentication from scripts
>>
>> I may be wrong on this, but I have a vague recollection that the ticket
>> gets
>> reset if you login from another IP address as the same user. If this
>> happened then the trigger would start to fail until you did another p4
>> login
>> from the machine upon which the triggers were executing.
>>
>> Worth checking, and perhaps enforcing with the protections table to only
>> allow your background user account access from a single IP address.
>>
>> Greg
>> ~~~~
>>
>>
>>
>>
>> -----Original Message-----
>> From: perforce-user-bounces at perforce.com
>> [mailto:perforce-user-bounces at perforce.com] On Behalf Of
>> Tetlow, Gordon
>> Sent: 29 November 2006 20:02
>> To: Elkins, Mark; Finn Normann Pedersen
>> Cc: perforce-user at perforce.com
>> Subject: Re: [p4] Triggers and best practice authentication from scripts
>>
>> Security level is meaningless when you have an auth trigger.
>>
>> You *must* use 'p4 login' when you have an auth trigger. Using p4 -P
>> mypass
>> doesn't work anymore.
>>
>> I would recommend you run your triggers as a background user with a
>> really
>> long timeout. Just add the user to a group with a timeout of 0 and you
>> should be set until 2038 or so.
>>
>> -gordon
>>
>>
>>  _______________________________________________
>> perforce-user mailing list - perforce-user at perforce.com
>> http://maillist.perforce.com/mailman/listinfo/perforce-user
>>
>>
>>
>



More information about the perforce-user mailing list