I want to sync group membership to Discourse. See one idea for this here:
https://pagure.io/fedora-infrastructure/issue/10952
However, this would be approximately one billion times easier if I didn't
need to worry about the hard part of automating something with fasjson,
which is keeping a kerberos ticket fresh from a keytab. (I'd love to run my
whole thing as a function-as-a-service function.)
I get why we require authentication, but since this info is open to anyone
who authenticates, it's only one part of our protection. And it occured to
me that one needs a FAS account to create something in Communishift anyway.
Unless I am missing something (and I might be)... that really offers
basically the same protection. So..... would it be possible to just
allow-list connections coming from the Communishift nodes?
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader