Tristan, in swarm (to be more technically correct) we reject loging in with a password if no password is required. i.e. an attempt to auth as gnicol with 'password-guess' will fail if gnicol has no password.

https://swarm.perforce.com/projects/swarm/files/main/library/P4/Connection/AbstractConnection.php#612

I'd suggest the HWS would behave more sanely if it shared this approach.

This change is mostly meant to for clients to avoid workflow changes when the server has security 0 and no password. The empty "ticket" can be used as the user's valid password.

It's odd, I agree, and I don't like the fact the server allows this. But, it would add more complexity to the clients. I've requested that we block no passwords across the board too, and that didn't fly.

If you really, really want it changed, I'd need to run it past Alan again, since this was behavior he wanted.

Given you're consistent with P4D's behaviour I wouldn't push too hard on it.

I think allowing an invalid password for an account with no password is poor form though and given how long its been like that I can't imagine p4d can fix it (though our higher level apps certainly could).