By default, user records are created without passwords, and any Perforce user can impersonate another by setting
P4USER or by using the
globally-available -u flag. To prevent another user from impersonating you, use
p4 passwd to set your password to any string that doesn't contain the comment character
#.
After you have set a password, you can authenticate with the password by providing it to the Perforce server program whenever you run any Perforce command. You can provide passwords to the Perforce server in one of three ways:
On Windows clients connecting to servers at security levels 0 and 1, p4 passwd stores the password by using
p4 set to change the local registry variable. (The registry variable holds only the encrypted MD5 hash, not the password itself.) On Windows clients connecting to servers at security levels 2 and 3, password hashes are neither stored in, nor read from, the registry.
You can improve security by using ticket-based authentication instead of password-based authentication. To authenticate with tickets instead of passwords, first set a password with
p4 passwd, and then use the
p4 login and
p4 logout commands to manage your authentication. For more about how ticket-based authentication works, see the
System Administrator's Guide.
Certain combinations of server security level and Perforce client software releases require users to set "strong" passwords. A password is considered strong if it is at least eight characters long, and at least two of the following are true:
For example, the passwords a1b2c3d4,
A1B2C3D4,
aBcDeFgH are considered strong. For information about how higher security levels work, see the
System Administrator's Guide.