Change a user’s Helix server password.
p4 [g-opts] passwd [-O oldpassword] [-P newpassword] [user]
By default, user records are created without passwords, and any
user can impersonate another by setting
P4USER or by using
-u, which is one of the Global Options. To prevent another user from impersonating you, use
passwd to set your password.
You can further improve security by assigning users to groups and
PasswordTimeout: field in the
p4 group form. If a user
belongs to more than one group, the largest
applications on Windows and OS X that connect to
services at security levels 0 and 1,
p4 passwd stores
the password by using
set to store the MD5 hash of the password in the
registry or system settings. When connecting to
services at security levels 2, 3, or 4, password hashes are neither
stored in, nor read from, these locations.
superusers can reset the passwords of individual users (or all users
site-wide) with the
p4 admin resetpassword command.
You can also set the
dm.user.resetpassword configurable (set
p4 configure) to
require that any newly-created users reset the password you assigned them
when you created their account.
To avoid possible character set mismatches with LDAP servers and clients, we recommend that passwords contain only the printable characters of the ASCII table, which are characters 32 - 126 at http://www.asciitable.com/
Certain combinations of security level and Helix server applications releases require users to set "strong" passwords. Helix Core server defines a strong password as:
- at least
dm.password.minlengthlong, which, by default, is
- contains at least two of the following :
- Uppercase letter(s)
- Lowercase letter(s)
- Non-alphabetic character(s)
abcd1234 is by default, considered a strong password in an environment with the security configurable set to
2, it is too easy to guess.
To create secure password that is easy-to-remember:
- Start with a phrase, such as
Enterprise-class Version Control.
- Make the phrase resemble a single word, such as
- Represent some letters with non-alphabetical characters:
We recommend using ticket-based authentication. However, if your security needs are minimal, you can use one of these methods:
|Method 1||Set the environment variable
|Method 2 (overrides Method 1)||Create a setting for
|Method 3 (overrides Methods 1 and 2)||
allows the administrator to invoke the
Avoid prompting by specifying the old password on the command line. This option is not supported if your site is configured to use security level 2, 3, or 4.
If you use the
Avoid prompting by specifying the new password on the command line. This option is not supported if your site is configured to use security level 2, 3, or 4.
Superusers can provide this argument to change the password of another user.
See Global options.
|Can File Arguments Use Revision Specifier?||Can File Arguments Use Revision Range?||Minimal Access Level Required|
Passwords can be up to 1,024 characters in length. As of Release 2013.1, password length is configurable by setting the
dm.password.minlengthconfigurable. To require passwords to be at least 16 characters in length, a superuser can run:
$ p4 configure set dm.password.minlength=16
The default minimum password length is eight characters.
p4 passwdcommand never sends plaintext passwords over the network. A challenge/response mechanism is used to send the encrypted password to the service.
- A password can contain spaces, but command line use of such a password requires quotes to enclose it in a single string:
p4 -P "my password" command
- If a user forgets her password, a
superuser can reset it by specifying the username on the command line:
p4 passwd username
- To delete a password, set the password value to an empty string. Depending on your site’s security level, your Perforce service might not permit you to set a null password.
- If you are using ticket-based authentication, changing your password
invalidates all of your tickets and logs you out. This is equivalent to
The superuser wants to create a new user named
joecoder and assign a password to that user:
p4 -u -f joecoder passwd
The server displays a user spec with default values, which the superuser accepts.
The server responds:
Enter new password:
The superuser types a password for
joecoder, and the server responds:
Re-enter new password:
The superuser repeats the password, and the server responds:
To change other user options
To change users' access levels
To log in using tickets instead of passwords
To force password reset