Auth-check and service-check triggers

Triggers of type auth-check fire when standard or operator users run the p4 login command. Similarly, service-check triggers fire when service users users run the p4 login command. If the script returns 0, login is successful, and a ticket file is created for the user.

The service-check trigger works exactly like an auth-check trigger, but applies only to users whose Type: has been set to service. The service-check trigger type is used by Helix Server administrators who want to use LDAP to authenticate other Helix Server s in replicated and other multi-server environments.

Warning

If you are using auth-check triggers, the Helix Server superuser must also be able to authenticate against the remote authentication database. (If you, as the Helix Server superuser, cannot use the trigger, you may find yourself locked out of your own server, and will have to (temporarily) overwrite your auth-check trigger with a script that always passes in order to resolve the situation.)

Example A trivial authentication-checking script

All users must enter the password "secret" before being granted login tickets. Passwords supplied by the user are sent to the script on STDIN.

#!/bin/bash
# checkpass.sh - a trivial authentication-checking script

# in this trivial example, all users have the same "secret" password
USERNAME=$1
PASSWORD=secret

# read user-supplied password from stdin
read USERPASS

# compare user-supplied password with correct password
if [ "$USERPASS" = $PASSWORD ]
then
    # Success
    exit 0
fi

# Failure
echo checkpass.sh: password $USERPASS for $USERNAME is incorrect
exit 1

This auth-check trigger fires whenever users run p4 login. To use the trigger, add the following line to the trigger table:

sample11  auth-check  auth  "checkpass.sh %user%"

Users who enter the "secret" password are granted login tickets.