p4 passwd

Change a user’s Helix server password.

Syntax conventions 

p4 [g-opts] passwd [-O oldpassword] [-P newpassword] [user]

Description

By default, user records are created without passwords, and any Helix server user can impersonate another by setting P4USER or by using -u, which is one of the Global Options. To prevent another user from impersonating you, use p4 passwd to set your password.

Important

We recommend that you improve security by using ticket-based authentication. This requires security level 3 or higher. See Server security levels in Helix Core Server Administrator Guide.

To authenticate with tickets, first set a password with p4 passwd, and then use the p4 login and p4 logout commands to manage your authentication.

You can further improve security by assigning users to groups and setting the PasswordTimeout: field in the p4 group form. If a user belongs to more than one group, the largest PasswordTimeout value applies.

For Helix server applications on Windows and OS X that connect to Helix server services at security levels 0 and 1, p4 passwd stores the password by using p4 set to store the MD5 hash of the password in the registry or system settings. When connecting to Helix server services at security levels 2, 3, or 4, password hashes are neither stored in, nor read from, these locations.

Helix server superusers can reset the passwords of individual users (or all users site-wide) with the p4 admin resetpassword command. You can also set the dm.user.resetpassword configurable (set with p4 configure) to require that any newly-created users reset the password you assigned them when you created their account.

Tip

To avoid possible character set mismatches with LDAP servers and clients, we recommend that passwords contain only the printable characters of the ASCII table, which are characters 32 - 126 at http://www.asciitable.com/

strong password

Certain combinations of security level and Helix server applications releases require users to set "strong" passwords. Helix Core server defines a strong password as:

  • at least dm.password.minlength long, which, by default, is 8 characters
  • contains at least two of the following :
    • Uppercase letter(s)
    • Lowercase letter(s)
    • Non-alphabetic character(s)

Although abcd1234 is by default, considered a strong password in an environment with the security configurable set to 2, it is too easy to guess.

Tip

To create secure password that is easy-to-remember:

  1. Start with a phrase, such as

    Perforce Enterprise-class Version Control.

  2. Make the phrase resemble a single word, such as

    PEnterprise-classVC.

  3. Represent some letters with non-alphabetical characters:

    PN2prI$-k|@zV(.

See also Server security levels in Helix Core Server Administrator Guide.

If your security needs are minimal

We recommend using ticket-based authentication. However, if your security needs are minimal, you can use one of these methods:

Method 1 Set the environment variable P4PASSWD to the password value
Method 2 (overrides Method 1) Create a setting for P4PASSWD within the P4CONFIG file.
Method 3 (overrides Methods 1 and 2)

Use the -P password option on the command line. For example,

p4 -u bruno -P PN2prI$-k|@zV(. sync

allows the administrator to invoke the p4 sync command as the user named bruno.

Depending on the security level of your installation, one or more of these methods might not be permitted. See the "Server security levels" topic in Helix Core Server Administrator Guide.

Options

-O oldpassword

Avoid prompting by specifying the old password on the command line. This option is not supported if your site is configured to use security level 2, 3, or 4.

If you use the -O option, you must use the -P option.

-P newpassword

Avoid prompting by specifying the new password on the command line. This option is not supported if your site is configured to use security level 2, 3, or 4.

user

Superusers can provide this argument to change the password of another user.

g-opts

See Global options.

Usage Notes

Can File Arguments Use Revision Specifier? Can File Arguments Use Revision Range? Minimal Access Level Required

N/A

N/A

list

  • Passwords can be up to 1,024 characters in length. As of Release 2013.1, password length is configurable by setting the dm.password.minlength configurable. To require passwords to be at least 16 characters in length, a superuser can run:

    $ p4 configure set dm.password.minlength=16

    The default minimum password length is eight characters.

  • The p4 passwd command never sends plaintext passwords over the network. A challenge/response mechanism is used to send the encrypted password to the service.
  • A password can contain spaces, but command line use of such a password requires quotes to enclose it in a single string:

    p4 -P "my password" command

  • If a user forgets her password, a Helix server superuser can reset it by specifying the username on the command line:

    p4 passwd username

  • To delete a password, set the password value to an empty string. Depending on your site’s security level, your Perforce service might not permit you to set a null password.
  • If you are using ticket-based authentication, changing your password invalidates all of your tickets and logs you out. This is equivalent to p4 logout -a.

Examples

The superuser wants to create a new user named joecoder and assign a password to that user:

p4 -u -f joecoder passwd

The server displays a user spec with default values, which the superuser accepts.

The server responds:

Enter new password:

The superuser types a password for joecoder, and the server responds:

Re-enter new password:

The superuser repeats the password, and the server responds:

Password updated.

Related Commands

To change other user options

p4 user

To change users' access levels

p4 protect

To log in using tickets instead of passwords

p4 login

To force password reset

p4 admin resetpassword