Ticket-based authentication
Ticket-based authentication is based on time-limited tickets that enable
users to connect to Helix Core Server.
Helix Core Server
creates a ticket for a user when they log in
using the p4 login -a command.
Helix Core Server
applications store tickets in the file specified by the
P4TICKETS environment variable. If this variable is not set,
tickets are stored in %USERPROFILE%\p4tickets.txt on
Windows, and in $HOME/.p4tickets on UNIX and other operating
systems.
By default, tickets have a finite lifespan, after which they cease to be
valid. By default, tickets are valid for 12 hours (43200 seconds). To set
different ticket lifespans for groups of users, edit the
Timeout field in the p4 group form for
each group. The timeout value for a user in multiple groups is the
largest timeout value (including unlimited, but ignoring
unset) for all groups of which a user is a member. To create
a ticket that does not expire, set the Timeout field to
unlimited.
Although tickets are not passwords,
a Helix Core Server accepts valid tickets wherever users can specify
Helix Core Server
passwords (except when logging in with the p4 login
command). This behavior provides the security advantages of ticket-based
authentication with the ease of scripting afforded by password
authentication. Ticket-based authentication is supported at all server
security levels, and is required at security level 3 and
4.
A ticket expires:
- If the user's AuthMethod is changed
- If the user's password is changed and the user is using
AuthMethodofperforce. - When the ticket's password expires. This assumes that password aging is in effect.
