Jack starts Apache on one of the web servers:
$ ssh email@example.com
[_x_@web4] $ sudo /usr/bin/apachectl start # or similar
[_x_@web4] $ logout
A) 'jack' - because there's a unix user 'jack' (what we have today)
B) 'sysadmin' - because there's no unix user 'jack' - only an entry in /etc/sshpasswd
B is the same as A as long as you update auditing to trace the Apache start to the jack/secret123 combo.
Sidenote: wow this thread blew up!