Overview
User authentication can take place using one of three options:
-
Against an Active Directory or LDAP server that is accessed according to an LDAP specification. Enabling this option disables trigger-based authentication.
This section focuses on this option. It notes the advantages of using this option, it explains how you create an LDAP configuration, it gives instructions on how you activate and test this configuration, and it provides reference information on the commands and configurables you use to implement this option.
-
Against Helix server’s internal user database,
db.user
.This option allows plain-text password-based authentication. It is described in Authenticating using passwords and tickets.
-
Against an authentication server, using an authentication trigger.
These types of triggers are useful if you need to authenticate users against a non-standard authentication server. Authentication triggers fire when the
p4 login
orp4 passwd
commands execute. This option is described in the section Triggering to use external authentication.
The authentication server you choose is used for user definitions, user authentication (passwords), group definitions, license details, and ticket generation.
Authentication is configured on a per-user basis (except for trigger-based authentication): for each user, you can specify what method should be used for authentication. Some options are mutually exclusive: enabling configuration-based LDAP authentication turns off trigger-based authentication. However, you can have some users authenticate using LDAP, while others authenticate against Helix server’s internal user database. For more information, see Defining authentication for users.
When logging in using either authentication method, Helix server encrypts the password before passing it to the specified authentication agent.