So yesterday I posted about a vulnerability is OS X where passwords are leaked during login, and by chance I happened to read my previous post on accessing kerberized services with the Active Directory computer account today. It prominently featured the following nugget:

echo "$ADCOMPPWD" | kinit --password-file=STDIN "$ADCOMPACCT"

Oh sweet irony. I updated the post with a fixed version that uses a temporary file instead of piping from echo for the whole world to see.