>I get it. Kerberos uses file permissions to protect the live token >(the /tmp/krb5_* file). I just want to make sure we are not letting >things like that slip through, where people are not aware that, e.g., >environment variables or process arguments aren't secure.
I hear you. Clearly from a security standpoint passing the bearer token via a process argument isn't a good idea. Like I said, I'm willing to fix this if my solution is acceptable to everyone. --Ken _______________________________________________ Nmh-workers mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/nmh-workers
