p4 passwd

Synopsis

Change a user’s Perforce password.

Syntax

p4 [g-opts] passwd [-O oldpassword] [-P newpassword] [user]

Description

By default, user records are created without passwords, and any Perforce user can impersonate another by setting P4USER or by using the globally-available -u option. To prevent another user from impersonating you, use p4 passwd to set your password.

After you have set a password, you can authenticate with the password by providing it whenever in one of three ways:

  • Set the environment variable P4PASSWD to the password value;
  • Create a setting for P4PASSWD within the P4CONFIG file;
  • Use the -P password option on the command line, for example:

    p4 -u ida -P idaspassword sync

Each of these three methods overrides the methods above it. Some of these methods may not be permitted depending on the security level configured for your installation.

For Perforce applications on Windows and OS X that connect to Perforce services at security levels 0 and 1, p4 passwd stores the password by using p4 set to store the MD5 hash of the password in the registry or system settings. When connecting to Perforce services at security levels 2, 3, or 4, password hashes are neither stored in, nor read from, these locations.

You can improve security by using ticket-based authentication instead of password-based authentication. To authenticate with tickets instead of passwords, first set a password with p4 passwd, and then use the p4 login and p4 logout commands to manage your authentication.

You can further improve security by assigning users to groups and setting the PasswordTimeout: field in the p4 group form. If a user belongs to more than one group, the largest PasswordTimeout value applies.

Perforce superusers can reset the passwords of individual users (or all users site-wide) with the p4 admin resetpassword command. You can also set the dm.user.resetpassword configurable (set with p4 configure) to require that any newly-created users reset the password you assigned them when you created their account.

For more about how user authentication works, see the Helix Versioning Engine Administrator Guide: Fundamentals.

Certain combinations of security level and Perforce applications releases require users to set "strong" passwords. A password is considered strong if it is at least dm.password.minlength (by default, eight characters) long, and at least two of the following are true:

  • Password contains uppercase letters
  • Password contains lowercase letters
  • Password contains non-alphabetic characters.

For example, the passwords a1b2c3d4, A1B2C3D4, aBcDeFgH are (by default) considered strong. For information about how higher security levels work, see the Helix Versioning Engine Administrator Guide: Fundamentals.

Options

-O oldpassword

Avoid prompting by specifying the old password on the command line. This option is not supported if your site is configured to use security level 2, 3, or 4.

If you use the -O option, you must use the -P option.

-P newpassword

Avoid prompting by specifying the new password on the command line. This option is not supported if your site is configured to use security level 2, 3, or 4.

user

Superusers can provide this argument to change the password of another user.

g-opts

See “Global Options”.

Usage Notes

Can File Arguments Use Revision Specifier? Can File Arguments Use Revision Range? Minimal Access Level Required

N/A

N/A

list

  • Passwords can be up to 1,024 characters in length. As of Release 2013.1, password length is configurable by setting the dm.password.minlength configurable. To require passwords to be at least 16 characters in length, a superuser can run:

    $ p4 configure set dm.password.minlength=16

    The default minimum password length is eight characters.

  • The p4 passwd command never sends plaintext passwords over the network; a challenge/response mechanism is used to send the encrypted password to the service.
  • Passwords can contain spaces; command line use of such passwords requires quotes. For instance, to pass the password my passw, to Perforce, use p4 -P "my passw" command.
  • If a user forgets his or her password, a Perforce superuser can reset it by specifying the username on the command line: p4 passwd username
  • To delete a password, set the password value to an empty string. Depending on your site’s security level, your Perforce service may not permit you to set a null password.
  • If you are using ticket-based authentication, changing your password automatically invalidates all of your tickets and logs you out; that is, changing your password is equivalent to p4 logout -a.

Related Commands

To change other user options

p4 user

To change users' access levels

p4 protect

To log in using tickets instead of passwords

p4 login

To force password reset

p4 admin resetpassword