Todd M. Lewis wrote: > structure is identified by a UNIX UID rather than a PAG, then the local > superuser root can assume a UNIX UID and use any tokens associated with > that UID. Use of a PAG as an identifier eliminates that possibility. But nothing stops the same superuser from obtaining/reading this PAG also, right? It's just more difficult I assume.