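Enabling password authentication or MySQL authentication in EMQTT

Enabling password authentication in EMQTT

Authentication and authorization

In etc/emq.conf, change:

mqtt.allow_anonymous = true (change to false)

mqtt.acl_nomatch = deny

Comment out this line: ##mqtt.acl_file = etc/acl.conf (applies when enabling MySQL authentication).

Enabling username/password authentication

Authentication is based on the MQTT login username and password.

Configure the default user in etc/plugins/emq_auth_username.conf: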

auth.user.$N.username = admin
auth.user.$N.password = public
Enable the emq_auth_username plugin:

./bin/emqttd_ctl plugins load emq_auth_username
Use the './bin/emqttd_ctl users' command to add users (optional):
$ ./bin/emqttd_ctl users add <Username> <Password>

 

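Going further, you can also define ACL access control rules:

The rules are defined in etc/acl.conf.

Note: after a password is changed, the old password still works; the emqtt database has to be deleted (bug).


Enabling MySQL authentication

Import the SQL file https://github.com/emqx/emqx-auth-mysql/blob/emqx30/mqtt.sql into MySQL.

Configure the MySQL authentication/ACL plugin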

etc/plugins/emq_auth_mysql.conf:

##--------------------------------------------------------------------
## MySQL Auth/ACL Plugin
##--------------------------------------------------------------------

## MySQL server address.
##
## Value: Port | IP:Port
##
## Examples: 3306, 127.0.0.1:3306, localhost:3306
auth.mysql.server = 127.0.0.1:3306

## MySQL pool size.
##
## Value: Number
auth.mysql.pool = 8

## MySQL username.
##
## Value: String
auth.mysql.username = root

## MySQL password.
##
## Value: String
auth.mysql.password = password

## MySQL database.
##
## Value: String
auth.mysql.database = mqtt

## Variables: %u = username, %c = clientid

## Authentication query.
##
## Note that column names should be 'password' and 'salt' (if used).
## In case column names differ in your DB - please use aliases,
## e.g. "my_column_name as password".
##
## Value: SQL
##
## Variables:
## - %u: username
## - %c: clientid
##
auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1

## Password hash.
##
## Value: plain | md5 | sha | sha256 | bcrypt
auth.mysql.password_hash = plain
##auth.mysql.password_hash = sha256

## sha256 with salt prefix
## auth.mysql.password_hash = salt,sha256

## bcrypt with salt only prefix
## auth.mysql.password_hash = salt,bcrypt

## sha256 with salt suffix
## auth.mysql.password_hash = sha256,salt

## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
## auth.mysql.password_hash = pbkdf2,sha256,1000,20

## Superuser query.
##
## Value: SQL
##
## Variables:
## - %u: username
## - %c: clientid
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1

## ACL query.
##
## Value: SQL
##
## Variables:
## - %a: ipaddr
## - %u: username
## - %c: clientid
auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'

Log in to the dashboard:

http://127.0.0.1:18083/#/plugins

Click plugins in the left menu:

On the right, find the mysql auth plugin and click start to enable it:

emq_auth_mysql
2.3.11
Authentication/ACL with MySQL
 Stoped

 

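Insert data into the mqtt database:

Add users to the mqtt_user table.

Then add permissions to the mqtt_acl table.

Note: by default the mqtt_acl table contains the following permissions: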

allow:  0 = deny, 1 = allow
access: 1 = subscribe, 2 = publish, 3 = pubsub

id  allow  ipaddr     username   clientid  access  topic
1   1      NULL       $all       NULL      2       #
2   0      NULL       $all       NULL      1       $SYS/#
3   0      NULL       $all       NULL      1       eq #
5   1      127.0.0.1  NULL       NULL      2       $SYS/#
6   1      127.0.0.1  NULL       NULL      2       #
7   1      NULL       dashboard  NULL      1       $SYS/#
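
Added example (not part of the original article and not EMQ project code): with auth.mysql.password_hash = plain, the mqtt_user table holds cleartext passwords, so this sketch builds a mqtt_user row for the salted modes listed in the config comments above (salt,sha256 / sha256,salt / pbkdf2,sha256,1000,20). It assumes the broker compares against the lowercase hex digest of the salt and password bytes concatenated in the order the mode names them, and that mqtt_user has username, password, salt and is_superuser columns; the function names and sample credentials are made up for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed column set of mqtt_user; use with a parameterized MySQL driver call.
INSERT_SQL = ("INSERT INTO mqtt_user (username, password, salt, is_superuser) "
              "VALUES (%s, %s, %s, %s)")

def emq_hash(password: str, salt: str, mode: str) -> str:
    """Hex digest for one salted auth.mysql.password_hash mode (assumed format)."""
    pw, s = password.encode(), salt.encode()
    parts = mode.split(",")
    if parts == ["salt", "sha256"]:          # sha256 with salt prefix
        return hashlib.sha256(s + pw).hexdigest()
    if parts == ["sha256", "salt"]:          # sha256 with salt suffix
        return hashlib.sha256(pw + s).hexdigest()
    if len(parts) == 4 and parts[0] == "pbkdf2":
        # pbkdf2,<macfun>,<iterations>,<dklen>, e.g. pbkdf2,sha256,1000,20
        _, macfun, iterations, dklen = parts
        return hashlib.pbkdf2_hmac(macfun, pw, s, int(iterations), int(dklen)).hex()
    raise ValueError(f"unsupported password_hash mode: {mode}")

def new_user_row(username: str, password: str, mode: str, is_superuser: int = 0):
    """Return (username, password_hash, salt, is_superuser) with a fresh random salt."""
    salt = secrets.token_hex(16)             # 32 hex characters, unique per user
    return (username, emq_hash(password, salt, mode), salt, is_superuser)

def verify(row, password: str, mode: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    _, stored, salt, _ = row
    return hmac.compare_digest(stored, emq_hash(password, salt, mode))

if __name__ == "__main__":
    mode = "pbkdf2,sha256,1000,20"           # must equal auth.mysql.password_hash
    row = new_user_row("sensor01", "constructed-sample-password", mode)
    print(INSERT_SQL, row)
    print("verifies:", verify(row, "constructed-sample-password", mode))
```

As the config comment says, the salt must come back from the authentication query in a column named salt, so a salted mode needs auth_query to select salt alongside password.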
Original article; when reposting, please credit Lenix's blog: http://blog.p2hp.com/archives/4542
