Thank you for that. It makes a certain kind of sense, that impersonating a user/creating user sessions requires a high privilege. I think I'd still be more happy with it running as a low privilege user allowing log-in as "nobody"/"guest" and then elevating to a user with login/pw via "runas" or equivalent.
I can see how the only way to login directly to a certain user id would either require ssh to run as that user id or as System.
I can see how the only way to login directly to a certain user id would either require ssh to run as that user id or as System.