Guard Azure AD/LDAP Insecure


#1

Hi isn’t it insecure to host the token as a base64 encoded username:password in kubeconfig? Is there another way that we can authenticate without this encoded token?


#2

In LDAP simple authentication, you have to provide username and password. That’s why guard use token as a base64 encoded username:password.

There is an another authentication mechanism called Kerberos in https://appscode.com/products/guard/0.2.1/guides/authenticator/ldap/. You can try that.