Perforce Passwords


Abstract:

Perforce enables you to protect your user account from other people accessing it by their "password" mechanism.  By simply associating a password with your user account, no one without the password can access it.  However, since the Perforce client requires access to the password in a cleartext format, there are security risks, and thus must be addressed by operating system access control of a file containing the cleartext password.  This document describes how to set up seamless multiple operating system Perforce client access using passwords.


Contents:


Risks

The P4PASSWD variable is the biggest security risk in the entire Perforce security model.

On the command line, typing:

% p4 set

Will reveal your P4PASSWD value in cleartext.  Unless you password lock your workstation when you walk away, someone could walk up to your terminal, activate a command line (Unix or NT, whichever you have set up), type this command, and acquire your Perforce password.

Solution: Password protect your workstation when you walk away from it.


NT

When you log into your NT host, you automatically have a drive "S:" mapped to '\\TOASTER\{COS username}'.  This directory is readable on a Solaris system, so it is important that you follow the directions for setting up your Solaris environment listed below to prevent others from being able to read your cleartext password.

FOR YOUR INFORMATION

The NT Perforce client uses the NT Registry to store persistent default information about P4CLIENT, P4EDITOR, P4USER, P4PORT, P4PASSWD and (the most important) P4CONFIG.  Fortunately, in version 99.2 and later, of Perforce, the "P4PASSWD" value is stored in an encrypted format in "HKEY_CURRENT_USER\Software\Perforce\environment\P4PASSWD".


Solaris

Solaris has always had good file system security, and allows you to protect a directory so that only your userid has access to it.  If you do not have Solaris access (via "telnet mongo", for example), get an account set up via the IT helpdesk (http://helpdesk).

In your Solaris home directory:

Then, with your favorite text editor (vi, emacs, whatever), edit the file "p4config".  The file should contain: P4PASSWD=yourpassword


Set your password on the Perforce server

Once you have set up your P4CONFIG files as mentioned above, all you have to do now is tell the Perforce server what your password is:

Just type in the same password here as in your P4CONFIG file.  Use this process to change your password as well.


Tell Perforce to use your P4CONFIG file

On Windows, on the command line, type "p4 set P4CONFIG={path to p4config.txt}".

On Solaris, edit your shell startup script (for cshrc it's the "$HOME/.cshrc" file) and add something like:

setenv P4CONFIG /home/yourusername/Perforce/p4config


Last updated: 02/26/01 09:09:39 AM