5 messages in com.perforce.perforce-user[p4] How do we use Solaris passwords ...| From | Sent On | Attachments |
|---|---|---|
| Stanley, Jack | 16 Dec 2003 14:15 | |
| Todd Short | 16 Dec 2003 15:30 | |
| Stanley, Jack | 16 Dec 2003 16:22 | |
| Noel Yap | 17 Dec 2003 05:17 | |
| Todd Short | 17 Dec 2003 07:18 |
| Subject: | [p4] How do we use Solaris passwords to access Perforce? |
|---|---|
| From: | Todd Short (tsh...@cisco.com) |
| Date: | 12/17/2003 07:18:44 AM |
| List: | com.perforce.perforce-user |
Unfortunately no. I have brought up some suggestions, however.
My ideas involve adding the following: 1. Adding into the P4 protocol the "real" username. Such that the P4USER variable can be ignored, and to allow administrators to masquerade as another user as needed. The permissions will be based on the "real" username, which is retreived from the OS. The effective user would be the P4USER variable. The P4USER variable would be used only for users with "super" protection rights. In effect, this uses the client's OS mechanisms for authentication.
2. Adding the ability to limit client versions (e.g.. 2002.2+) and host types (e.g. disallow windows), so that #1 can't be subverted by using an older version of the client. This also means that you'd be able to force people to upgrade their clients. Appropriate logs would be generated for bad versions. There should be options to log, permit and deny. Lines are processed until a match is found. For example:
[permit|deny|log|permit+log|deny+log] [[user|group] name|* *] [[-]version[+]|hosttype]...
3. An authentication call out. This would slow down operations, but would increase security. If you trust the systems in your company, (e;g. they are all corporate Solaris boxes), then #1 could handle authentication. For those employing Windows 9x/Me, or where root access is accessible to "owners", then this is more important.
4. When using the CLI, the ability to be asked, just once, for your password, and then have it saved in the shell's memory (as an environment variable). the password should be hashed, and should not be written to disk, so that when that shell terminates, the password is gone. Setting the password into the Window's registry (using P4Win) has a similar effect, in that it is hashed (or at least, it appears to be).
5. The ability to configure all of the above!
-- -Todd Short //tshort at cisco.com //"One if by land, two if by sea, three if by the Internet."
-----Original Message----- From: perf...@perforce.com [mailto:perforce-user-admin at perforce.com]On Behalf Of Stanley, Jack Sent: Tuesday, December 16, 2003 7:23 PM To: perforce-user at perforce.com Subject: RE: [p4] How do we use Solaris passwords to access Perforce?
Oh yes, I agree. Did you come up with any kind of decent solution? We're trying to avoid using P4PASSWD.
Jack
-----Original Message----- From: Todd Short Sent: Tuesday, December 16, 2003 3:31 PM To: Stanley, Jack; perforce-user at perforce.com Subject: RE: [p4] How do we use Solaris passwords to access Perforce?
I'd love to have something similar, but Perforce does not provide hooks for authentication, although it should.
-- -Todd Short //tshort at cisco.com //"One if by land, two if by sea, three if by the Internet."
-----Original Message----- From: perf...@perforce.com [mailto:perforce-user-admin at perforce.com]On Behalf Of Stanley, Jack Sent: Tuesday, December 16, 2003 5:16 PM To: perforce-user at perforce.com Subject: [p4] How do we use Solaris passwords to access Perforce?
We'd like to limit Perforce access to only those people who are in the /etc/nsswitch.conf file. Essentially, these are the same people who are in the /etc/passwd & /etc/shadow files. (The reason we're doing this is to implement a global one-password scheme. Users should only need one password to access Perforce whether they are in-house or outside the company). My sys admin says we need to be able access the Solaris API. Is there a conversion mechanism for converting from OS password databases to perforce password databases? I hope I'm making sense... Thanks, Jack Stanley IT Consultant, Covad Communications