On Mon, 19 Sept 2022 at 04:36, Joerg Sonnenberger <jo...@bec.de> wrote: > does anyone still know the motivation for SSH_USER_AUTH pointing to a > file with the data instead of containing it directly?
Authentication data is sensitive and a process's environment variables can be inspected by any other process on the system, whereas files have ownership and permission bits that control access. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.