Hi isn’t it insecure to host the token as a base64 encoded username:password in kubeconfig? Is there another way that we can authenticate without this encoded token?
In LDAP simple authentication, you have to provide username and password. That’s why guard use token as a base64 encoded username:password.
There is an another authentication mechanism called Kerberos in https://appscode.com/products/guard/0.2.1/guides/authenticator/ldap/. You can try that.