On Monday 12 February 2007 16:32, Matthew Miller wrote: > > UID isn't unique among sessions. > > The kernel's session-specific keyring is, though, right? We don't include the contents of any keyring in any audit message. We include everything that has to do with a user's identity and where a command came from. -Steve