[Buildbot-commits] [Buildbot] #844: Perforce authentication is misleading

[Buildbot]

#844: Perforce authentication is misleading
------------------------+---------------------------------------------------
Reporter:  pcmantz      |       Owner:       
    Type:  enhancement  |      Status:  new  
Priority:  major        |   Milestone:  0.8.2
 Version:  0.7.12       |    Keywords:  p4   
------------------------+---------------------------------------------------

Comment(by Bugeater):

 pcmantz,
   At my company they generate long life tickets for the build user.
 That's why it was
   important to keep them secure.

   So no.  This does not address the issue directly, but instead provides a
 possibly suitable
   workaround.  Instead of putting the actual ticket into self.p4passwd,
 putting the ticket
   file location in the env var will get the same result and no one will
 ever see the actual
   ticket.

   Although it is possible to feed "p4 login" a password from stdin, it
 still exposes that
   password to at least some degree.  In our case, the build machines are
 relatively inaccessible
   so keeping the P4 Tickets file there isn't too bad.

   If you setup a cron job on the machine to twice daily to a "p4 login"
 with the password on
   stdin and placing the P4 Tickets file into the correct place, then even
 with 24 hour tickets
   would be workable.



 TVB

-- 
Ticket URL: <http://buildbot.net/trac/ticket/844#comment:9>
Buildbot <http://buildbot.net/>
Buildbot: build/test automation