Generic keys are insecure because of replay cache issues. Command line options are not really acceptable because there is no way to pass that information through GSSAPI or SASL. A config file option is not really very good because it is a property of the server what you need to do, not a property of your client.