mosquitto-users team mailing list archive

Re: Authentication

 

Paul-

What I am currently doing is actually using the password as a dummy
field and passing a token/uid in the uid field with a delimiter (I use a
colon) that I can split on in Python since it's just a string. That way
you can check the token on every message. Using a large uid does kinda
defeat the purpose of using MQTT that tries to keep the overhead to a
minimum, but sometimes you gotta do what you gotta do. :)

It is probably a good idea to cache your tokens locally in memcache or
something so that your server can make a quick local call. I haven't
implemented that yet, but I may do so in the near future.

john

> Date: Sat, 7 Jun 2014 21:18:50 +0100
> Subject: Re: [Mosquitto-users] Authentication
> From: roger@xxxxxxxxxx
> To: paul@xxxxxxxxxxxxx
> CC: jrdupaix@xxxxxxxxxxx; mosquitto-users@xxxxxxxxxxxxxxxxxxx
> 
> Hi Paul,
> 
> Interesting! My initial response is that it's a daft idea to give the
> password at each published message, but it's certainly something that
> could be considered. I'd be interested to hear what others thought
> about it.
> 
> Cheers,
> 
> Roger
> 
> 
> 
> On Wed, Jun 4, 2014 at 6:03 PM, Paul Fremantle <paul@xxxxxxxxxxxxx> wrote:
> > Roger
> >
> > While we are discussing the auth plugin, I had an issue.
> >
> > I'm using the uid/pw to pass over an OAuth2 token. During each pub/sub
> > validation, I need to extract a scope from the token and check it. BTW I'm
> > using the Python plugin, so this may be an issue with the python interface,
> > but I think it's the same on the C interface.
> >
> > Basically, I wanted to pass the token in the pw field, but I only get the pw
> > during the connect validation. The result is I'd need to cache the uid/pw in
> > the connect phase, and then key off the uid at pub/sub validation time. It
> > would be much more convenient if you could pass the pw over with each
> > validation. But maybe you don't want to store the password hence you only
> > pass it over at connect validation?
> >
> > Thoughts?
> >
> > Paul
> >
> >
> > On 4 June 2014 09:05, Roger Light <roger@xxxxxxxxxx> wrote:
> >>
> >> Hi John,
> >>
> >> You could also take a look at this plugin:
> >> https://github.com/jpmens/mosquitto-auth-plug/
> >>
> >> FWIW, it's MQTT that forces you to connect before publishing, not
> >> mosquitto.
> >>
> >> Cheers,
> >>
> >> Roger
> >>
> >> On Tue, Jun 3, 2014 at 11:55 PM, John DuPaix <jrdupaix@xxxxxxxxxxx> wrote:
> >> > Quick question.  I would like to use an auth plugin to verify a
> >> > username/password when someone establishes a connection with my
> >> > mosquitto server.  Once they are connected they are able to publish
> >> > to any topic and subscribe to only specific ones.  I know that I can
> >> > use acl to make sure they subscribe to only the permitted ones. The
> >> > question I have is this - Does a user have to connect before they can
> >> > publish?  For example, is it possible for a user to issue a "publish"
> >> > command using a valid username/password before they issue a "connect"
> >> > command to mosquitto?  Does the same apply to "subscribe"? Or does
> >> > mosquitto force users to always "connect" before they do anything?
> >> >
> >> > --
> >> > Mailing list: https://launchpad.net/~mosquitto-users
> >> > Post to     : mosquitto-users@xxxxxxxxxxxxxxxxxxx
> >> > Unsubscribe : https://launchpad.net/~mosquitto-users
> >> > More help   : https://help.launchpad.net/ListHelp
> >> >
> >>
> >
> >
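
The approach discussed in this thread (a token carried after a colon in the username field, checked on every publish/subscribe, with a local cache in front of the token issuer), as an added example that is not code from the posters or from mosquitto. The class and function names, the `access:topic` scope format, and the in-process dict standing in for memcache are assumptions.

```python
import hashlib
import time

DELIM = ":"      # delimiter between uid and token in the MQTT username field
CACHE_TTL = 60   # seconds; bounds how long a revoked token is still accepted from cache


class TokenAcl:
    """Per-message token check with a local cache (hypothetical names throughout)."""

    def __init__(self, introspect, now=time.time):
        self._introspect = introspect  # slow call to the token issuer: dict or None
        self._now = now
        self._cache = {}               # sha256(token) -> (cached_at, claims)

    def _claims(self, token):
        key = hashlib.sha256(token.encode()).hexdigest()  # do not key on the raw token
        hit = self._cache.get(key)
        if hit and self._now() - hit[0] < CACHE_TTL:
            return hit[1]
        claims = self._introspect(token)
        if claims is None:
            self._cache.pop(key, None)
            return None
        self._cache[key] = (self._now(), claims)
        return claims

    def acl_check(self, username, topic, access):
        """Return True if the 'uid:token' username may perform access on topic."""
        uid, sep, token = (username or "").partition(DELIM)
        if not sep or not uid or not token:
            return False               # malformed username: deny
        claims = self._claims(token)
        if claims is None or claims["uid"] != uid:
            return False               # unknown token, or token issued to another uid
        if claims["exp"] <= self._now():
            return False               # expired, even if still in the cache
        return f"{access}:{topic}" in claims["scopes"]


# Constructed sample issuer data, standing in for a real OAuth2 introspection call.
ISSUED = {"tok-abc": {"uid": "paul", "exp": 2000, "scopes": {"publish:sensors/temp"}}}
calls = []  # records every trip to the "issuer" so cache hits are observable


def fake_introspect(token):
    calls.append(token)
    return ISSUED.get(token)
```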
 		 	   		  
