Perform the outboarding of tenma according to https://intranet.softwareheritage.org/wiki/Outboarding
Description
Description
Revisions and Commits
Revisions and Commits
| rSPSITE puppet-swh-site | |||
| D5542 Remove tenma's access | |||
| D5568 | rSPSITE313887d2e6ed Add hg origin to "save code now" monitor | ||
| D5568 | rSPSITE9f5e30f94155 Switch svn origin to "save code now" monitor to another | ||
Related Objects
Related Objects
Event Timeline
Comment Actions
- unix credentials disabled
- user tenma removed from the groups Staff and Reviewers in phabricator
- VPN credential revoked:
root@louvre:~# cd /etc/openvpn/keys
root@louvre:/etc/openvpn/keys# ls
dh1024.pem dh2048.pem easyrsa old pki vars x509-types
root@louvre:/etc/openvpn/keys# ./easyrsa revoke tenma
Note: using Easy-RSA configuration from: ./vars
Using SSL: openssl OpenSSL 1.1.1d 10 Sep 2019
Please confirm you wish to revoke the certificate with the following subject:
subject=
commonName = tenma
Type the word 'yes' to continue, or any other input to abort.
Continue with revocation: yes
Using configuration from /etc/openvpn/keys/pki/safessl-easyrsa.cnf
Revoking Certificate 07DDFAD8CFA118C4A3B249C7FCDCAE69.
Data Base Updated
IMPORTANT!!!
Revocation was successful. You must run gen-crl and upload a CRL to your
infrastructure in order to prevent the revoked cert from being accepted.
root@louvre:/etc/openvpn/keys# ./easyrsa gen-crl; chmod a+r pki/crl.pem
Note: using Easy-RSA configuration from: ./vars
Using SSL: openssl OpenSSL 1.1.1d 10 Sep 2019
Using configuration from /etc/openvpn/keys/pki/safessl-easyrsa.cnf
An updated CRL has been created.
CRL file: /etc/openvpn/keys/pki/crl.pemComment Actions
- he was not in the list of members of the swh-team (thanks @ardumont for adding me to the owners of the list)