So yesterday I posted about a vulnerability is OS X where passwords are leaked during login, and by chance I happened to read my previous post on accessing kerberized services with the Active Directory computer account today. It prominently featured the following nugget:
echo "$ADCOMPPWD" | kinit --password-file=STDIN "$ADCOMPACCT"
Oh sweet irony. I updated the post with a fixed version that uses a temporary file instead of piping from
echo for the whole world to see.