Triggering for external authentication

Triggers of type auth-set fire when users (standard users or service users) run the p4 passwd command and successfully validate their old password with an auth-check (or service-check) trigger. The process is as follows:

  1. A user invokes p4 passwd.
  2. The Helix Core Server prompts the user to enter his or her old password.
  3. The Helix Core Server fires an auth-check trigger to validate the old password against the external authentication service.
  4. The script associated with the auth-check trigger runs. If the auth-check trigger fails, the process ends immediately: the user is not prompted for a new password, and the auth-set trigger never fires.
  5. If the auth-check trigger succeeds, the server prompts the user for a new password.
  6. The Helix Core Server fires an auth-set trigger and supplies the trigger script with both the old password and the new password on the standard input, separated by a newline.

    Note

    In most cases, users in an external authentication environment will continue to set their passwords without use of Helix Core Server. The auth-set trigger type is included mainly for completeness.

Because the Helix Core Server must validate the user’s current password, you must have a properly functioning auth-check trigger before attempting to write an auth-set trigger.

Example   A trivial authentication-setting script

#!/bin/bash
# setpass.sh - a trivial authentication-setting script

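# %user% from the trigger table arrives as the first argument
USERNAME=$1

# Old and new passwords arrive on stdin, one per line.
# IFS= and -r preserve leading/trailing whitespace and backslashes.
IFS= read -r OLDPASS
IFS= read -r NEWPASS

echo "setpass.sh: $USERNAME attempted to change $OLDPASS to $NEWPASS"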

This auth-set trigger fires after users run p4 passwd and successfully pass the external authentication required by the auth-check trigger. To use the trigger, add the following two lines to the trigger table:

sample11  auth-check  auth  "checkpass.sh %user%"
sample12  auth-set    auth  "setpass.sh %user%"

This trivial example doesn’t actually change any passwords; it merely reports back what the user attempted to do.
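
The trivial script echoes both passwords in clear text. The following added example (not part of the original documentation or of Perforce's code) reads the same two stdin lines defensively, keeps both passwords out of its output and out of argv, and passes them to a password-change backend. The SETPASS_BACKEND variable, the demo_backend stand-in, the script name, and the exit codes 1 and 2 are assumptions made for illustration.

```bash
#!/bin/bash
# setpass-safe.sh - added example, not Perforce code: an auth-set trigger
# that validates its stdin and never prints or logs either password.

# SETPASS_BACKEND is a hypothetical hook: a command that takes the user name
# as its argument and reads old and new password as two lines on stdin.
: "${SETPASS_BACKEND:=demo_backend}"

# Constructed stand-in so the script runs offline. It changes nothing and
# succeeds only if both lines arrived; replace it with the site's own tool.
demo_backend() {
    IFS= read -r _old || return 1
    IFS= read -r _new || [ -n "$_new" ]
}

say() { printf 'setpass: %s\n' "$*"; }

handle_auth_set() {
    user=$1
    [ -n "$user" ] || { say "missing user name"; return 2; }

    # IFS= and -r keep leading/trailing spaces and backslashes intact.
    IFS= read -r oldpass || { say "no old password on stdin"; return 2; }
    # The last line may arrive without a trailing newline; read then returns
    # non-zero but still fills the variable, so test the value instead.
    IFS= read -r newpass || :
    [ -n "$newpass" ] || { say "no new password on stdin"; return 2; }

    if [ "$newpass" = "$oldpass" ]; then
        say "new password for $user must differ from the old one"
        return 1
    fi

    # Secrets travel on stdin only; argv is visible in process listings.
    if printf '%s\n%s\n' "$oldpass" "$newpass" | "$SETPASS_BACKEND" "$user"; then
        say "password change accepted for $user"
    else
        say "backend rejected the password change for $user"
        return 1
    fi
}

# Act as a trigger only when the server supplied a user argument.
if [ "$#" -ge 1 ]; then
    handle_auth_set "$1"
    exit $?
fi
```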