On 9/4/2012 5:58 PM, Timo Sirainen wrote:
On 3.9.2012, at 21.26, Kelsey Cummings wrote:
passdb {
args = proxy=y nopassword=y
driver = static
}
I wonder if someone was doing a ton of logins for different usernames? This
kind of setup where director doesn't verify the username can be attacked that
way.
It doesn't look like there was a higher than normal number of failed
logins leading up to the connection issues. I'm going to write some
more stats collection tools to track state on the directors and see what
comes of it.
Can the director proxy validate the username via a unix pw lookup but
not check the password?
--
Kelsey Cummings - k...@corp.sonic.net sonic.net, inc.
System Architect 2260 Apollo Way
707.522.1000 Santa Rosa, CA 95407