Perforce 2009.2: Command Reference

p4 passwd

Synopsis

Change a user's Perforce password on the server.

Syntax

p4 [g-opts] passwd [-O oldpassword] [-P newpassword] [user]

Description

By default, user records are created without passwords, and any Perforce user can impersonate another by setting P4USER or by using the globally-available -u flag. To prevent another user from impersonating you, use p4 passwd to set your password to any string that doesn't contain the comment character #.

After you have set a password, you can authenticate with the password by providing it to the Perforce server program whenever you run any Perforce command. You can provide passwords to the Perforce server in one of three ways:

•	Set the environment or registry variable P4PASSWD to the password value;

•	Create a setting for P4PASSWD within the P4CONFIG file;

•	Use the -P password flag on the Perforce client command line, for example:

p4 -u ida -P idaspassword sync

Each of these three methods overrides the methods above it. Some of these methods may not be permitted depending on your server's security level.

On Windows clients connecting to servers at security levels 0 and 1, p4 passwd stores the password by using p4 set to change the local registry variable. (The registry variable holds only the encrypted MD5 hash, not the password itself.) On Windows clients connecting to servers at security levels 2 and 3, password hashes are neither stored in, nor read from, the registry.

You can improve security by using ticket-based authentication instead of password-based authentication. To authenticate with tickets instead of passwords, first set a password with p4 passwd, and then use the p4 login and p4 logout commands to manage your authentication. For more about how ticket-based authentication works, see the System Administrator's Guide.

Certain combinations of server security level and Perforce client software releases require users to set "strong" passwords. A password is considered strong if it is at least eight characters long, and at least two of the following are true:

•	Password contains uppercase letters

•	Password contains lowercase letters

•	Password contains non-alphabetic characters.

For example, the passwords a1b2c3d4, A1B2C3D4, aBcDeFgH are considered strong. For information about how higher security levels work, see the System Administrator's Guide.

Options

-O oldpassword	Avoid prompting by specifying the old password on the command line. This option is not supported if your server is using security level 3.
-P newpassword	Avoid prompting by specifying the new password on the command line. This option is not supported if your server is using security level 3.
user	Superusers can provide this argument to change the password of another user.
g-opts	See the Global Options section.

Usage Notes

Can File Arguments Use Revision Specifier?	Can File Arguments Use Revision Range?	Minimal Access Level Required
N/A	N/A	list

•	The p4 passwd command never sends plaintext passwords over the network; a challenge/response mechanism is used to send the encrypted password to the server.

•	Passwords can contain spaces; command line use of such passwords requires quotes. For instance, to pass the password my passw, to Perforce, use p4 -P "my passw" command .

•	If a user forgets his or her password, a Perforce superuser can reset it by specifying the username on the command line: p4 passwd username

•	The maximum password length is 1024 characters on all platforms.

•	To delete a password, set the password value to an empty string. Depending on your server's security level, your server may not permit you to set a null password.

•	If you are using ticket-based authentication, changing your password automatically invalidates all of your tickets and logs you out; that is, changing your password is equivalent to p4 logout -a.

Related Commands

To change other user options	p4 user
To change users' access levels	p4 protect
To log in using tickets instead of passwords	p4 login