<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
</head>
<body>
<h1>Perforce Passwords</h1>
<hr>
<h2>Abstract:</h2>
<p>Perforce lets you protect your user account from access by other people
through its "password" mechanism. Once a password is associated
with your user account, no one without the password can access
it. However, the Perforce client requires access to the password in
cleartext, which is a security risk that must be addressed by
operating system access control on the file containing the cleartext
password. This document describes how to set up seamless Perforce client
access with passwords across multiple operating systems.</p>
<hr>
<h2>Contents:</h2>
<ul>
<li><a href="#Risks">Risks</a></li>
<li><a href="#NT">NT</a></li>
<li><a href="#Solaris">Solaris</a></li>
<li><a href="#Set your password on the Perforce server">Set your password on
the Perforce server</a></li>
<li><a href="#Tell Perforce to use your P4CONFIG file">Tell Perforce to use your P4CONFIG file</a></li>
</ul>
<hr>
<h2><a name="Risks">Risks</a></h2>
<p>The P4PASSWD variable is the biggest security risk in the entire Perforce
security model.</p>
<p>Typing the following on the command line reveals your P4PASSWD value in
cleartext:</p>
<pre>% p4 set</pre>
<p>Unless you password lock
your workstation when you walk away, someone could walk up to your terminal,
activate a command line (Unix or NT, whichever you have set up), type this
command, and acquire your Perforce password.</p>
<p><b>Solution: Password protect your workstation when you walk away from it.</b></p>
<hr>
<h2><a name="NT">NT</a></h2>
<p>When you log into your NT host, you automatically have a drive "S:"
mapped to '\\TOASTER\{COS username}'. This directory is readable on a
Solaris system, so it is important that you follow the directions for setting up
your Solaris environment listed below to prevent others from being able to read
your cleartext password.</p>
<ul>
<li>Create the "<a href="file:///S:/Perforce">S:\Perforce</a>"
folder.</li>
<li>Create the "<a href="file:///S:/Perforce/P4CONFIG">S:\Perforce\p4config</a>"
file using your favorite text editor. The file should contain:
<font face="Courier New">P4PASSWD=yourpassword</font></li>
</ul>
<p><b>FOR YOUR INFORMATION</b></p>
<p>The NT Perforce client uses the NT Registry to store persistent default
information about P4CLIENT, P4EDITOR, P4USER, P4PORT, P4PASSWD and (the most
important) P4CONFIG. Fortunately, in version 99.2 and later of Perforce, the
"P4PASSWD" value is stored in an encrypted format in
"HKEY_CURRENT_USER\Software\Perforce\environment\P4PASSWD".</p>
<hr>
<h2><a name="Solaris">Solaris</a></h2>
<p>Solaris has always had good file system security, and allows you to protect a
directory so that only your userid has access to it. If you do not have
Solaris access (via "telnet mongo", for example), get an account set
up via the IT helpdesk (<a href="http://helpdesk">http://helpdesk</a>).</p>
<p>In your Solaris home directory:</p>
<ul>
<li>mkdir Perforce</li>
<li>chmod go-rwx Perforce</li>
<li>cd Perforce</li>
</ul>
<p>Then, with your favorite text editor (vi, emacs, whatever), edit the file
"p4config". The file should contain:
<font face="Courier New">P4PASSWD=yourpassword</font></p>
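<p>The check below is an added example, not part of the original page: a POSIX sh
function that audits the result of the steps above by confirming that neither the
p4config file nor its directory is accessible to group or others. The function
names and messages are assumptions of this example; the path layout is the one
described above.</p>

```shell
#!/bin/sh
# Added example: audit who can read a p4config file holding P4PASSWD.
# Assumed layout (from the steps above): $HOME/Perforce/p4config

# Print the group and other permission characters of a path ("------" = none).
# Parses ls -ld because stat(1) is not available on every Unix.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Return 0 only if neither the file nor its directory grants group/other access.
check_p4config() {
    cfg=$1
    dir=$(dirname "$cfg")
    rc=0

    if [ ! -f "$cfg" ]; then
        echo "MISSING: $cfg" >&2
        return 1
    fi

    # The directory is the main control: with no group/other bits set,
    # no other user can traverse into it to reach the file.
    if [ "$(group_other_bits "$dir")" != "------" ]; then
        echo "WEAK: $dir is open to group or others (fix: chmod go-rwx)" >&2
        rc=1
    fi

    # Second layer: an editor creates the file with the umask default
    # (often rw-r--r--), so the file itself should be locked down too.
    if [ "$(group_other_bits "$cfg")" != "------" ]; then
        echo "WEAK: $cfg is open to group or others (fix: chmod go-rwx)" >&2
        rc=1
    fi

    # Confirm the key is present without ever printing the password.
    if ! grep -q '^P4PASSWD=' "$cfg"; then
        echo "NOTE: no P4PASSWD= line found in $cfg" >&2
    fi
    return $rc
}

# Run the audit when the script is given a path, e.g. "$HOME/Perforce/p4config".
if [ $# -gt 0 ]; then check_p4config "$1"; fi
```

<p>Because the S: drive on NT maps to the same storage, running this on the Solaris
side also covers the file that the NT client reads.</p>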
<hr>
<h2><a name="Set your password on the Perforce server">Set your password on the
Perforce server</a></h2>
<p>Once you have set up your P4CONFIG files as mentioned above, all you have to
do now is tell the Perforce server what your password is:</p>
<ul>
<li>p4 passwd</li>
</ul>
<p>Just type in the same password here as in your P4CONFIG file. Use this
process to change your password as well.</p>
<hr>
<h2><a name="Tell Perforce to use your P4CONFIG file">Tell Perforce to use your P4CONFIG file</a></h2>
<p>On Windows, on the command line, type "p4 set P4CONFIG={path to
p4config.txt}".
</p>
<p>On Solaris, edit your shell startup script (for csh it's the "$HOME/.cshrc"
file) and add something like:
</p>
<blockquote>
<p><font face="Courier New">setenv P4CONFIG /home/yourusername/Perforce/p4config</font>
</p>
</blockquote>
<hr>
<p>Last updated: 02/26/01 09:09:39 AM
</p>
</body>
</html>