Is the user SID also in audit output? If it isn't, shouldn't it be, if available, esp. if the UID is ephemeral? Wouldn't it be worth recording for forensics? -- This message posted from opensolaris.org
- User object audit token [PSARC/2010/001 FastTrack time... Gary Winiger
- User object audit token [PSARC/2010/001 FastTrack... Richard L. Hamilton
- User object audit token [PSARC/2010/001 FastTrack... Sebastien Roy
