8000 Deleted users are still able to connect · Issue #18 · TAK-Product-Center/Server · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Deleted users are still able to connect #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
eugeneiiim opened this issue Dec 30, 2022 · 5 comments
Open

Deleted users are still able to connect #18

eugeneiiim opened this issue Dec 30, 2022 · 5 comments

Comments

@eugeneiiim
Copy link

I'm having trouble deleting users in TAK Server such that they're no longer able to connect to the server. I’m using file-based user management (not LDAP).

Repro steps:

  1. Add a user “testuser” using the User Management UI (/user-management/index.html)
  2. Log in using testuser in ATAK with “Use Authentication” and “Enroll for Client Certificate” enabled.
  3. Delete testuser in the User Management UI.
  4. Revoke testuser’s client certificate in the Client Certificates UI (Marti/clientcerts/index.html)
  5. Restart the server.

Expected: testuser no longer connected in ATAK
Actual: testuser is still connected in ATAK (and is even able to disconnect and reconnect)
@FarrantAlex
Copy link

Delete the user's private .key file in /opt/tak/certs/files/

@eugeneiiim
Copy link
Author

Because I'm using "enroll for client certificate", the client certificates are not stored to /opt/tak/certs/files. They're only stored in the certificate table in Postgres AFAIK.

@eugeneiiim
Copy link
Author

In the logs, I'm seeing

2023-01-04-19:18:05.705 [https-jsse-nio-8446-exec-18] DEBUG com.bbn.tak.tls.CertManagerAdminApi - revoking certificate : ./revokeCert.sh  /opt/tak/revoke-11366095838260085583 null null

I think this means CAkey and CAcertificate must be set for TAKServerCAConfig in CoreConfig.xml, but these are not being checked for null when read from the config.

@PrcsnFlyer
Copy link
PrcsnFlyer commented Jan 13, 2023
edited
Loading

@eugeneiiim

I have similar issues while revoking users manually.
After executing the ./revokeCert.sh script I receive the following error:

certificate variable lookup failed for CA_default::certificate

Probably this is related to your error because the Cert Manager API calls ./revokeCert.sh as well.

@JonasmedJ
Copy link

Whenever you revoke a certificate, you should also restart the server, for the changes to take effect.

@FarrantAlex FarrantAlex mentioned this issue Jul 11, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@eugeneiiim @FarrantAlex @PrcsnFlyer @JonasmedJ
0