Open topic with navigation
Change a user’s Helix Core password.
p4 [g-opts] passwd [-O oldpassword] [-P newpassword] [user]
By default, user records are created without passwords, and any
user can impersonate another by setting
P4USER or by using the globally-available
option. To prevent another user from impersonating you, use
passwd to set your password.
After you have set a password, you can authenticate with the password by providing it whenever in one of three ways:
P4PASSWDto the password value;
-P password option on the command line,
p4 -u ida -P idaspassword sync
Each of these three methods overrides the methods above it. Some of these methods may not be permitted depending on the security level configured for your installation.
applications on Windows and OS X that connect to
services at security levels 0 and 1,
p4 passwd stores
the password by using
set to store the MD5 hash of the password in the
registry or system settings. When connecting to
services at security levels 2, 3, or 4, password hashes are neither
stored in, nor read from, these locations.
You can improve security by using ticket-based authentication instead of
password-based authentication. To authenticate with tickets instead of
passwords, first set a password with
p4 passwd, and
then use the
p4 login and
p4 logout commands to
manage your authentication.
You can further improve security by assigning users to groups and
PasswordTimeout: field in the
p4 group form. If a user
belongs to more than one group, the largest
superusers can reset the passwords of individual users (or all users
site-wide) with the
p4 admin resetpassword command.
You can also set the
dm.user.resetpassword configurable (set
p4 configure) to
require that any newly-created users reset the password you assigned them
when you created their account.
For more about how user authentication works, see the Helix Versioning Engine Administrator Guide: Fundamentals.
Certain combinations of security level and
applications releases require users to set "strong" passwords. A password
is considered strong if it is at least
(by default, eight characters) long, and at least two of the following
For example, the passwords
aBcDeFgH are (by default) considered strong. For information
about how higher security levels work, see the
Helix Versioning Engine Administrator Guide: Fundamentals.
Avoid prompting by specifying the old password on the command line. This option is not supported if your site is configured to use security level 2, 3, or 4.
If you use the
Avoid prompting by specifying the new password on the command line. This option is not supported if your site is configured to use security level 2, 3, or 4.
Superusers can provide this argument to change the password of another user.
See Global Options.
|Can File Arguments Use Revision Specifier?||Can File Arguments Use Revision Range?||Minimal Access Level Required|
Passwords can be up to 1,024 characters in length. As of Release
2013.1, password length is configurable by setting the
dm.password.minlength configurable. To require passwords
to be at least 16 characters in length, a superuser can run:
$ p4 configure set dm.password.minlength=16
The default minimum password length is eight characters.
p4 passwdcommand never sends plaintext passwords over the network; a challenge/response mechanism is used to send the encrypted password to the service.
my passw, to Helix Core, use
p4 -P "my passw" command.
p4 passwd username
To change other user options
To change users' access levels
To log in using tickets instead of passwords
To force password reset