Support for auditing
It is possible to audit the administrator during a switch user operation. The switch user functionality adds an extended attribute to the "switch-to" user credential that identifies the administrator. The extended attribute, as stored in the credential, is called tagvalue_su-admin:
tagvalue_su-admin = su-admin-nameThis extended attribute is available to any auditing mechanism.