Securing the server
You can set up secure communication between clients and servers as well as between servers.
- Communication between clients and servers can be secured using the SSL protocol, which you specify when connecting to the server. See Using SSL to encrypt connections to a Helix Server. Communication between clients and servers can also be secured using a firewall. For more information, see Using firewalls.
- User authentication can be done using passwords or tickets, and the strength of the password can be defined by an administrator. Users can be authenticated against an Active Directory or LDAP server, or against an internal Helix Server user database. See Authentication options.
- Access is defined using "protections" that determine which Helix Core Server commands can be run, on which files, by whom, and from which host. See Authorizing access.
- Communication between servers in a multi-server environment can be secured using a "trust file", and by setting "protections" for the service users that own the different servers in the environment. For more information, see Create commit and edge server configurations.
Before you can configure access and authentication, you must create users as described in Managing users.
Recommended security settings for configurables
After installing Helix Server, it is good practice to set the following configurables:
Purpose | Configurable | Value |
---|---|---|
for each user's initial password: ensures that only users with the super access level, and whose password is already set, can set an initial password | dm.user.setinitialpasswd | 0 |
require ticket-based authentication | security | 3 or 4 |
force new users that you create to reset their passwords | dm.user.resetpassword | 1 |
prevent the automatic creation of new users | dm.user.noautocreate | 1 or 2 |
hide sensitive information from unauthorized users of p4 info | dm.info.hide | 1 |
hide user details from unauthenticated users | run.users.authorize | 1 |
hide information contained in 'keys' from those who lack admin access. One use case is Hiding Swarm storage from regular users. | dm.keys.hide | 2 |
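The following Python check is an added example, not part of the Helix Server documentation: it compares saved output of `p4 configure show` against the values in the table above and proposes a `p4 configure set` command for each mismatch. The `name=value (source)` line shape it parses and the sample text are assumptions constructed for illustration, and where the table accepts two values the script suggests the lower one.

```python
import re

# Accepted values per configurable, copied from the table above.
RECOMMENDED = {
    "dm.user.setinitialpasswd": {"0"},
    "security": {"3", "4"},
    "dm.user.resetpassword": {"1"},
    "dm.user.noautocreate": {"1", "2"},
    "dm.info.hide": {"1"},
    "run.users.authorize": {"1"},
    "dm.keys.hide": {"2"},
}

# Assumed line shape of `p4 configure show` output: name=value (source)
LINE = re.compile(r"^\s*([\w.]+)\s*=\s*(\S+)(?:\s+\((.*)\))?\s*$")


def parse_configure_show(text):
    """Return {configurable: value} for every line that matches LINE."""
    current = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            current[m.group(1)] = m.group(2)
    return current


def audit(text):
    """Return (name, current value or None, suggested command) per mismatch."""
    current = parse_configure_show(text)
    findings = []
    for name, accepted in RECOMMENDED.items():
        value = current.get(name)  # None: configurable absent from the output
        if value not in accepted:
            # Choice made for this example: suggest the lowest accepted value.
            findings.append((name, value, f"p4 configure set {name}={min(accepted)}"))
    return findings


# Constructed sample output, not captured from a real server.
SAMPLE = """\
P4ROOT=/p4/root (-r)
security=4 (configure)
dm.user.noautocreate=0 (configure)
dm.user.resetpassword=1 (configure)
dm.keys.hide=1 (configure)
"""

if __name__ == "__main__":
    for name, value, fix in audit(SAMPLE):
        print(f"{name}: current={value or 'not shown'} -> {fix}")
```

Review each suggested command before running it as a super user; raising `security` or `dm.user.noautocreate` changes how existing users and automation authenticate.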