Ticket-based authentication
Ticket-based authentication is based on time-limited tickets that enable users to connect to Helix Server. Helix Server creates a ticket for a user when they log in using the p4 login -a command.
Helix Server applications store tickets in the file specified by the P4TICKETS environment variable. If this variable is not set, tickets are stored in %USERPROFILE%\p4tickets.txt on Windows, and in $HOME/.p4tickets on UNIX and other operating systems.
By default, tickets have a finite lifespan, after which they cease to be valid. The default lifespan is 12 hours (43200 seconds). To set different ticket lifespans for groups of users, edit the Timeout: field in the p4 group form for each group. The timeout value for a user in multiple groups is the largest timeout value (including unlimited, but ignoring unset) for all groups of which the user is a member. To create a ticket that does not expire, set the Timeout: field to unlimited.
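
The following is an added example, not part of the Helix Server documentation: it applies the timeout rule above to a set of group specs to find each user's effective ticket lifetime. The sample specs are constructed, and falling back to the 43200-second default when every one of a user's groups is unset is an assumption.

```python
DEFAULT_TIMEOUT = 43200    # seconds; the 12-hour default (assumed fallback)
UNLIMITED = float("inf")   # Timeout: unlimited (ticket never expires)

# Constructed sample (not real server output), laid out like p4 group forms.
SAMPLE_SPECS = """
Group: dev
Timeout: 43200
Users:
    alice
    bob
Group: build
Timeout: unlimited
Users:
    bob
Group: oncall
Timeout: 604800
Users:
    alice
Group: contractors
Timeout: unset
Users:
    carol
"""

def parse_groups(text):
    """Return {group: [timeout, [users]]}; timeout is None when unset."""
    groups, cur, in_users = {}, None, False
    for line in filter(str.strip, text.splitlines()):
        if line[0].isspace():              # indented line: a Users: entry
            if in_users and cur:
                cur[1].append(line.strip())
            continue
        field, _, value = line.partition(":")
        value, in_users = value.strip(), field == "Users"
        if field == "Group":
            cur = groups[value] = [None, []]
        elif field == "Timeout" and cur and value != "unset":
            cur[0] = UNLIMITED if value == "unlimited" else int(value)
    return groups

def effective_timeouts(groups):
    """Largest set timeout per user: unlimited wins, unset is ignored."""
    seen = {}
    for timeout, users in groups.values():
        for user in users:
            seen.setdefault(user, [])
            if timeout is not None:
                seen[user].append(timeout)
    return {u: max(v) if v else DEFAULT_TIMEOUT for u, v in seen.items()}
```

Users whose effective value is UNLIMITED hold tickets that never expire, which makes them the entries to review first when auditing group membership.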
Although tickets are not passwords, Helix Server accepts valid tickets wherever users can specify Helix Server passwords (except when logging in with the p4 login command). This behavior provides the security advantages of ticket-based authentication with the ease of scripting afforded by password authentication. Ticket-based authentication is supported at all server security levels, and is required at security levels 3 and 4.
A ticket expires:
- If the user's AuthMethod is changed.
- If the user's password is changed and the user is using AuthMethod of perforce.
- When the ticket's password expires. This assumes that password aging is in effect.