Triggering for external authentication

Triggers of type auth-set fire when users (standard users or service users) run the p4 passwd command and successfully validate their old password with an auth-check (or service-check) trigger. The process is as follows:

- A user invokes p4 passwd.
- The Helix Core Server prompts the user to enter his or her old password.
- The Helix Core Server fires an auth-check trigger to validate the old password against the external authentication service.
- The script associated with the auth-check trigger runs. If the auth-check trigger fails, the process ends immediately: the user is not prompted for a new password, and the auth-set trigger never fires.
- If the auth-check trigger succeeds, the server prompts the user for a new password.
- The Helix Core Server fires an auth-set trigger and supplies the trigger script with both the old password and the new password on the standard input, separated by a newline.

Note: In most cases, users in an external authentication environment will continue to set their passwords without use of Helix Server. The auth-set trigger type is included mainly for completeness.

Because the Helix Core Server must validate the user's current password, you must have a properly functioning auth-check trigger before attempting to write an auth-set trigger.

Example: A trivial authentication-setting script

    #!/bin/bash
    # setpass.sh - a trivial authentication-setting script
    USERNAME=$1
    # The server supplies the old and new passwords on stdin, one per line.
    read -r OLDPASS
    read -r NEWPASS
    echo "setpass.sh: $USERNAME attempted to change $OLDPASS to $NEWPASS"

This auth-set trigger fires after users run p4 passwd and successfully pass the external authentication required by the auth-check trigger. To use the trigger, add the following two lines to the trigger table:

    sample11 auth-check auth "checkpass.sh %user%"
    sample12 auth-set auth "setpass.sh %user%"

This trivial example doesn’t actually change any passwords; it merely reports back what the user attempted to do.
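
A variant of the script above that does not print either password, as an added example (not part of the Helix Core documentation). It reads the two lines the server supplies on standard input, rejects an empty or unchanged new password, and hands both values to a backend over stdin rather than on the command line. The script name setpass-safe.sh, the function change_password_backend, the user alice and the password old-secret are constructed placeholders for the real external authentication service.

```shell
#!/bin/bash
# setpass-safe.sh - added example (not from the Helix Core documentation):
# an auth-set trigger skeleton that validates input and never prints passwords.
# Trigger table entry, same form as above:
#   sample12 auth-set auth "setpass-safe.sh %user%"

# Hypothetical backend hook. Replace the body with the real call to the
# external authentication service. Secrets arrive on stdin, not in argv,
# so they do not appear in the process list.
change_password_backend() {
    local user="$1" old new
    IFS= read -r old
    IFS= read -r new
    # Constructed stand-in: accept only the demo account and old password.
    [ "$user" = "alice" ] && [ "$old" = "old-secret" ]
}

# Reads the old and new password from stdin, one per line, as the server
# supplies them. Messages name the user only, never either password.
handle_auth_set() {
    local user="$1" old new
    # The old password must be terminated by the separating newline.
    IFS= read -r old || { echo "setpass: malformed input for $user"; return 1; }
    # The last line may lack a trailing newline, so a read "failure" is tolerated.
    IFS= read -r new || :
    if [ -z "$new" ]; then
        echo "setpass: empty new password rejected for $user"; return 1
    fi
    if [ "$new" = "$old" ]; then
        echo "setpass: new password must differ from the old one"; return 1
    fi
    if printf '%s\n%s\n' "$old" "$new" | change_password_backend "$user"; then
        echo "setpass: password changed for $user"
    else
        echo "setpass: backend refused the change for $user"; return 1
    fi
}

# Run as a trigger only when the server passes %user% as the first argument.
if [ $# -ge 1 ]; then
    handle_auth_set "$1"
    exit $?
fi
```

The script exits non-zero on any rejected change, on the assumption that the server treats a non-zero trigger exit status as failure.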