Perforce 2007.2 System Administrator's Guide

More documents

Recommendations

Info

Chapter 3: Administering Perforce: Superuser TasksHow password-based authentication worksPassword-based authentication is stateless; once a password is correctly set, access isgranted for indefinite time periods. Prior to Release 2004.2, the password-basedauthentication mechanism did not enforce password strength or existence requirements.The concept of the server security level, introduced in Release 2004.2, enablesadministrators to enforce password strength and existence requirements. See “Serversecurity levels” on page 41 for details.Password based authentication is supported at security levels 0, 1, and 2.How ticket-based authentication worksTicket-based authentication is based on time-limited tickets that enable users to connect toPerforce servers. Tickets are stored in the file specified by the P4TICKETS environmentvariable. If this variable is not set, tickets are stored in %USERPROFILE%\p4tickets.txt onWindows, and in $HOME/.p4tickets on UNIX and other operating systems. Tickets aremanaged automatically by 2004.2 and later Perforce client programs.Tickets have a finite lifespan, after which they cease to be valid. By default, tickets arevalid for 12 hours (43200 seconds). To set different ticket lifespans for groups of users, editthe Timeout: field in the p4 group form for each group. The timeout value for a user inmultiple groups is the largest timeout value for all groups of which a user is a member. Tocreate a ticket that does not expire, set the Timeout: field to 0.Although tickets are not passwords, Perforce servers accept valid tickets wherever userscan specify Perforce passwords. This behavior provides the security advantages of ticketbasedauthentication with the ease of scripting afforded by password authentication.Ticket-based authentication is supported at all server security levels, and is required atsecurity level 3.Logging in to PerforceTo use ticket-based authentication, get a ticket by logging in with the p4 login command:p4 loginYou are prompted for your password, and a ticket is created for you in your ticket file.You can extend your ticket’s lifespan by calling p4 login while already logged in. If yourun p4 login while logged in, your ticket’s lifespan is extended by 1/3 of its initialtimeout setting, subject to a maximum of your initial timeout setting.By default, Perforce tickets are valid for your IP address only. If you have a shared homedirectory that is used on more than one machine, you can log in to Perforce from bothmachines by using the command:p4 login -ato create a ticket in your home directory that is valid from all IP addresses.40 Perforce 2007.2 System Administrator’s Guide
Chapter 3: Administering Perforce: Superuser TasksLogging out of PerforceTo log out of Perforce from one machine by removing your ticket, use the command:p4 logoutThe entry in your ticket file is removed. If you have valid tickets for the same Perforceserver, but those tickets exist on other machines, those tickets remain present (and youremain logged in) on those other machines.If you are logged in to Perforce from more than one machine, you can log out of Perforcefrom all machines from which you were logged in by using the command:p4 logout -aAll of your Perforce tickets are invalidated and you are logged out.Determining ticket statusTo see if your current ticket (that is, for your IP address, user name, and P4PORT setting) isstill valid, use the command:p4 login -sIf your ticket is valid, the length of time for which it will remain valid is displayed.To display all tickets you currently have, use the command:p4 ticketsThe contents of your ticket file are displayed.Server security levelsPerforce superusers can configure server-wide password usage requirements, passwordstrength enforcement, and supported methods of user/server authentication by settingthe security counter. To change the security counter, issue the command:p4 counter -f security seclevelwhere seclevel is 0, 1, 2, or 3. After setting the counter, stop and restart the server.Choosing a server security levelThe default security level is 0: passwords are not required, and password strength is notenforced.To ensure that all users have passwords, use security level 1. Users of old client programscan still enter weak passwords.To ensure that all users have strong passwords, use security level 2. Old Perforce softwarecontinues to work, but users of old Perforce client software must change their password toa strong password by using a Perforce client program at Release 2003.2 or above.To require that all users have strong passwords, and to require the use of session-basedauthentication, use security level 3 and current Perforce client software.Perforce 2007.2 System Administrator’s Guide 41
Page 2 and 3: This manual copyright 1997-2007 Per
Page 4 and 5: Table of ContentsLogging errors....
Page 6 and 7: Table of ContentsDeleting groups ..
Page 8 and 9: Table of ContentsChapter 9Perforce
Page 10 and 11: Preface: About This Manual10 Perfor
Page 12 and 13: Chapter 1: Welcome to Perforce: Ins
Page 26 and 27: Chapter 2: Supporting Perforce: Bac
Page 42 and 43: Chapter 3: Administering Perforce:
Page 86 and 87: Chapter 5: Customizing Perforce: Jo
Page 88 and 89: Chapter 5: Customizing Perforce: Jo
Page 90 and 91:
Chapter 5: Customizing Perforce: Jo
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Chapter 6: Scripting Perforce: Trig
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Chapter 7: Tuning Perforce for Perf
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Chapter 8: Perforce and WindowsUser
Page 136 and 137:
Chapter 8: Perforce and WindowsWind
Page 138 and 139:
Chapter 8: Perforce and WindowsBefo
Page 140 and 141:
Chapter 8: Perforce and WindowsReso
Page 142 and 143:
Chapter 8: Perforce and Windows142
Page 144 and 145:
Chapter 9: Perforce ProxySystem req
Page 146 and 147:
Chapter 9: Perforce ProxyAdminister
Page 148 and 149:
Chapter 9: Perforce ProxyMaximizing
Page 150 and 151:
Chapter 9: Perforce Proxy150 Perfor
Page 152 and 153:
Appendix A: Perforce Server (p4d) R
Page 154 and 155:
Appendix A: Perforce Server (p4d) R
Page 156 and 157:
Indexcreating checkpoints 26creatin
Page 158 and 159:
Index.ini files 49installationWindo
Page 160 and 161:
IndexP4ROOT 12, 152and depot files
Page 162 and 163:
Indexforce flag 51Perforce, definin
show all

Perforce 2007.2 System Administrator's Guide

Create successful ePaper yourself

Delete template?

Save as template?