On 09/08/2013 02:23 PM, Stefano Costa wrote:
Sure I'm studying this, trying also to understand if I can achieve my other goal of having each user "confined" under a specific topics tree (see my other post today). Or better: my colleagues will, I'm not (any more) so good at building real C/C++ applications!
Sure, that's a pretty basic requirement :) We use an ACL like this:
------------
# Allow local (anonymous) users full access
topic #

# This is required so that bridge status notifications work
pattern write $SYS/broker/connection/%c/state

# secure clients from the net can only access their own topics.
pattern +/%u/#
------------
We then have mosquitto conf have two listeners, the "primary" listener is anonymous, but bound to localhost only, so only our own services can connect.
The second listener is tls-psk, and each client can only read/write to the +/%u/# tree. (With "use_identity_as_username true")
Sincerely, Karl P
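
A small model of the ACL quoted above, added here as an example; it is not part of the original message and not mosquitto's own code. It shows which topics an anonymous local client and a PSK-identified client can reach. The identities and topic names are constructed, and refusing to substitute identities that contain `+`, `#` or `/` is an assumption of this example.

```python
import re

# Added example: a model of the ACL in this thread, not mosquitto's code.
ANON_TOPICS = [("readwrite", "#")]                      # topic #
PATTERNS = [("write", "$SYS/broker/connection/%c/state"),
            ("readwrite", "+/%u/#")]

def topic_matches(sub, topic):
    """MQTT filter match: '+' is one level, '#' is the rest of the topic."""
    s, t = sub.split("/"), topic.split("/")
    if topic.startswith("$") and not sub.startswith("$"):
        return False          # wildcards never reach '$'-prefixed topics
    for i, part in enumerate(s):
        if part == "#":
            return True
        if i >= len(t) or part not in ("+", t[i]):
            return False
    return len(s) == len(t)

def usable(identity):
    """Assumption of this example: an identity that is missing or contains
    '+', '#' or '/' is never substituted, so it cannot reshape a pattern."""
    return identity is not None and not any(c in identity for c in "+#/")

def allowed(username, client_id, topic, access):
    """access is 'read' or 'write'; username None is the anonymous listener."""
    rules = list(ANON_TOPICS) if username is None else []
    ids = {"%u": username, "%c": client_id}
    for perm, pat in PATTERNS:
        if any(key in pat and not usable(val) for key, val in ids.items()):
            continue          # pattern needs an identity we will not expand
        # Single-pass substitution so an identity is never re-expanded.
        rules.append((perm, re.sub(r"%[uc]", lambda m: ids[m.group()], pat)))
    return any(perm in (access, "readwrite") and topic_matches(sub, topic)
               for perm, sub in rules)

if __name__ == "__main__":
    # Constructed identities and topics, for illustration only.
    for user, cid, topic, acc in [
        ("dev42", "dev42", "telemetry/dev42/temp", "write"),
        ("dev42", "dev42", "telemetry/dev17/temp", "read"),
        (None, "collector", "telemetry/dev17/temp", "read"),
        (None, "bridge1", "$SYS/broker/connection/bridge1/state", "write"),
    ]:
        print(user, topic, acc, "->", allowed(user, cid, topic, acc))
```

The last case shows why the `$SYS` pattern line is needed: `topic #` does not match `$`-prefixed topics, so without it the local bridge could not publish its connection state.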