Auth-check and service-check triggers
Triggers of type auth-check
fire when standard or operator
users run the p4 login
command. Similarly,
service-check
triggers fire when service users users run the
p4 login
command. If the script returns
0
, login is successful, and a ticket file is created for the
user.
The service-check
trigger works exactly like an
auth-check
trigger, but applies only to users whose
Type:
has been set to service
. The
service-check
trigger type is used by
Helix Core Server
administrators who want to use LDAP to authenticate other
Helix Core Server s in replicated and other multi-server environments.
If you are using auth-check
triggers, the
Helix Core Server
superuser must also be able to authenticate against the remote
authentication database. (If you, as the
Helix Core Server
superuser, cannot use the trigger, you might find yourself locked out of
your own server, and will have to (temporarily) overwrite your
auth-check trigger with a script that always passes in order to resolve
the situation.)
Example A trivial authentication-checking script
All users must enter the password "secret" before being granted login tickets. Passwords supplied by the user are sent to the script on STDIN.
#!/bin/bash # checkpass.sh - a trivial authentication-checking script # in this trivial example, all users have the same "secret" password USERNAME=$1 PASSWORD=secret # read user-supplied password from stdin read USERPASS # compare user-supplied password with correct password if [ "$USERPASS" = $PASSWORD ] then # Success exit 0 fi # Failure echo checkpass.sh: password $USERPASS for $USERNAME is incorrect exit 1
This auth-check
trigger fires whenever users run
p4 login
. To use the trigger, add the following
line to the trigger table:
sample11 auth-check auth "checkpass.sh %user%"
Users who enter the "secret" password are granted login tickets.