If the property sasl.proxyAuth is set to true, then administrative users can
authorize as any user on the system. This is convenient for testing, and to
manipulate other users' accounts.

An admin can, of course, change passwords anyway, so this doesn't reduce
security much, but is off by default in any case.

Testing is problematic since I can't actually find a client which allows this.