Nico Williams <nico at cryptonector.com> writes: > I.e., I prefer the Windows/AD model. I get that in general that's a > difficult model to apply outside Windows, but still, I prefer it. We use separate user principals in Windows/AD for privileged actions for exactly the same reason. -- Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>