RB is running on a server that has other things hosted on it. RB has its own virtual server, and so far the other tools are accessible either via their own virtual server or via a subdir off the root from the base servername. To illustrate:
rb.server.com <-Reviewboard foo.server.com, server.com/foo <-one "thing" bar.server.com, server.com/bar <-another "thing" I designed it this way with the idea that if any of these "things" get too big/demanding to share a server with the other "things", I can break them off pretty easily by just setting up a virtual server elsewhere, move the subdomain pointer, and I'm off and running. So, we are wanting greater security than that offered by AWS firewalls and whitelists, plus we are going to outgrow the whitelist soon. We use Google auth for many of our Atlassian and other tools, so would like to lock down this server with Google Auth. It's OK that we would only gain access to non-RB areas on the server with Google auth, users would still have to go through the RB basic auth afterward. I have seen notes to the effect that RB will eventually support Google auth. So, the question: If I lock down the server with Google Auth, what are my options for users wanting to use RBTools from the command-line? Can I open up just the APIs to not need Google auth, and rely on the API key to secure that path, or is there another approach people are successfully using to solve this problem? Note, AD, NIS, LDAP, etc. do not seem to be options here. Thanks, Dave A. -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "reviewboard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
