On 9/4/2012 5:58 PM, Timo Sirainen wrote:
On 3.9.2012, at 21.26, Kelsey Cummings wrote:
passdb { args = proxy=y nopassword=y driver = static }
I wonder if someone was doing a ton of logins for different usernames? This kind of setup where director doesn't verify the username can be attacked that way.
It doesn't look like there was a higher than normal number of failed logins leading up to the connection issues. I'm going to write some more stats collection tools to track state on the directors and see what comes of it.
Can the director proxy validate the username via a unix pw lookup but not check the password?
-- Kelsey Cummings - kgc@corp.sonic.net sonic.net, inc. System Architect 2260 Apollo Way 707.522.1000 Santa Rosa, CA 95407