January 27, 2011

Using an authorization server


While you may or may not have heard of an authorization server, it is a great idea to use one. This is especially true with the new replication and p4broker tools released with 2010.2. It is also useful for just making license management easier.

What is an authorization server? An authorization server is just a Perforce server that you use for managing your users and groups.

So, "How do I set one up?" you ask. Actually, it is really easy. Just set up a new Perforce server as you normally would, create all your users and groups and a spec depot in this server and nothing else. Then on all your other Perforce servers, use the new configure command in 2010.2 to store the P4AUTH setting by running:

p4 configure set P4AUTH=auth_server:port

You can also put P4AUTH=auth_server:port in the environment and restart the server for servers prior to 2010.2, but I recommend you upgrade to 2010.2 and take advantage of all the new features.

You have accomplished a few nice things by doing this:

  1. License management is now easier since you only have one server that will manage the users.
  2. User and group management is now easier as well since it is all on a single server.
  3. Setting up read only replica servers is now possible in conjunction with the broker since the users will get a ticket that is valid for all servers pointing to the authorization server.