Florian,
> I'd be *very* interested in how they come to that assessment. I'd have
> thought that the only alternative to getpeereid/getupeercred is
> password-based or certificate-based authenticated - which seem *less*
> secure because a) they also rely on the client having the correct uid
> or gid (to read the password/private key), plus b) the risk of the
> password/private key getting into the wrong hands.
*shrug* don't ask me. I don't agree with the policy, I can hardly
defend it.
--Josh