On 3.9.2012, at 21.26, Kelsey Cummings wrote:
passdb {
args = proxy=y nopassword=y
driver = static
}
I wonder if someone was doing a ton of logins for different usernames? This kind of setup where director doesn't verify the username can be attacked that way.