emqtt trial (5): EMQ user password authentication
Published: 2019-06-19


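MQTT authentication settings

Authentication in the EMQ message server is provided by a series of authentication plugins. The system supports authentication by username and password, by ClientID, or anonymously.

Anonymous authentication is enabled by default. Loading authentication plugins enables additional authentication modules, which together form an authentication chain: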

           ----------------           ----------------           -------------
Client --> | Username auth | -ignore-> | ClientID auth | -ignore-> | Anonymous |
           ----------------           ----------------           -------------
                  |                         |                         |
                 \|/                       \|/                       \|/
            allow | deny              allow | deny              allow | deny

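Note

The EMQ 2.0 message server also provides MySQL, PostgreSQL, Redis, MongoDB, HTTP and LDAP authentication plugins.

Enabling anonymous authentication

Anonymous authentication is enabled in etc/emq.conf: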

## Allow Anonymous authentication
mqtt.allow_anonymous = true

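The authentication plugins provided with EMQ 2.0 are:

Plugin               Description
emq_auth_clientid    ClientId authentication/authorization plugin
emq_auth_username    Username/password authentication/authorization plugin
emq_auth_ldap        LDAP authentication/authorization plugin
emq_auth_http        HTTP authentication/authorization plugin
emq_auth_mysql       MySQL authentication/authorization plugin
emq_auth_pgsql       PostgreSQL authentication/authorization plugin
emq_auth_redis       Redis authentication/authorization plugin
emq_auth_mongo       MongoDB authentication/authorization plugin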

Username/password authentication

Authentication based on the MQTT login username and password.

Configure the default users in etc/plugins/emq_auth_username.conf:

auth.user.$N.username = admin
auth.user.$N.password = public

Enable the emq_auth_username plugin:

./bin/emqttd_ctl plugins load emq_auth_username

Add users with the ./bin/emqttd_ctl users command:

$ ./bin/emqttd_ctl users add <Username> <Password>

ClientId authentication

Authentication based on the MQTT client ID.

etc/plugins/emq_auth_clientid.conf:

auth.client.$N.clientid = clientid
auth.client.$N.password = passwd

Enable the emq_auth_clientid plugin:

./bin/emqttd_ctl plugins load emq_auth_clientid

LDAP plugin authentication

Configure the LDAP parameters in etc/plugins/emq_auth_ldap.conf:

auth.ldap.servers = 127.0.0.1
auth.ldap.port = 389
auth.ldap.timeout = 30
auth.ldap.user_dn = uid=%u,ou=People,dc=example,dc=com
auth.ldap.ssl = false

Enable the LDAP authentication plugin:

./bin/emqttd_ctl plugins load emq_auth_ldap

HTTP plugin authentication

Note

Once the HTTP authentication plugin is enabled, it terminates the authentication chain.

Configure 'super_req' and 'auth_req' in etc/plugins/emq_auth_http.conf:

## Variables: %u = username, %c = clientid, %a = ipaddress, %P = password, %t = topic
auth.http.auth_req = http://127.0.0.1:8080/mqtt/auth
auth.http.auth_req.method = post
auth.http.auth_req.params = clientid=%c,username=%u,password=%P
auth.http.super_req = http://127.0.0.1:8080/mqtt/superuser
auth.http.super_req.method = post
auth.http.super_req.params = clientid=%c,username=%u

Enable the HTTP authentication plugin:

./bin/emqttd_ctl plugins load emq_auth_http
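
A minimal backend for the two endpoints configured above, as an added example that is not part of the original article or of the EMQ project. It assumes the plugin sends the configured parameters as a form-encoded POST body and treats HTTP 200 as allow and any other status as deny; the USERS table, its credentials and the function names are constructed for illustration.

```python
import hashlib
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

def _digest(salt, password):
    # Salt-prefixed SHA-256, hex encoded (storage format chosen for this example)
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()

# Constructed sample users: username -> (salt, stored digest, is_superuser)
USERS = {
    "sensor01": ("a1b2", _digest("a1b2", "s3cret-one"), False),
    "admin": ("c3d4", _digest("c3d4", "s3cret-admin"), True),
}

def decide(path, body):
    """Return the HTTP status for one broker request (assumed: 200 allow, 401 deny)."""
    params = {k: v[0] for k, v in parse_qs(body).items()}
    user = USERS.get(params.get("username", ""))
    if path == "/mqtt/auth":
        # Hash and compare for unknown users too, in constant time, so that
        # known and unknown usernames take the same code path.
        salt, stored, _ = user or ("", "", False)
        supplied = _digest(salt, params.get("password", ""))
        ok = hmac.compare_digest(supplied, stored) and user is not None
        return 200 if ok else 401
    if path == "/mqtt/superuser":
        return 200 if user is not None and user[2] else 401
    return 404

class AuthHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length).decode("utf-8", "replace")
        self.send_response(decide(self.path, body))
        self.end_headers()

if __name__ == "__main__":
    # Same host and port as auth.http.auth_req / super_req; loopback only,
    # because the password travels in the request body over plain HTTP.
    HTTPServer(("127.0.0.1", 8080), AuthHandler).serve_forever()
```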

MySQL plugin authentication

Authentication against a MySQL database table. The 'mqtt_user' table can be created as follows:

CREATE TABLE `mqtt_user` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) DEFAULT NULL,
  `password` varchar(100) DEFAULT NULL,
  `salt` varchar(20) DEFAULT NULL,
  `is_superuser` tinyint(1) DEFAULT 0,
  `created` datetime DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `mqtt_username` (`username`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

Configure 'super_query', 'auth_query' and 'password_hash' in etc/plugins/emq_auth_mysql.conf:

## Mysql Server
auth.mysql.server = 127.0.0.1:3306
## Mysql Pool Size
auth.mysql.pool = 8
## Mysql Username
## auth.mysql.username =
## Mysql Password
## auth.mysql.password =
## Mysql Database
auth.mysql.database = mqtt
## Variables: %u = username, %c = clientid
## Authentication Query: select password only
auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
## Password hash: plain, md5, sha, sha256, pbkdf2
auth.mysql.password_hash = sha256
## %% Superuser Query
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1

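Note

If the system already has an MQTT authentication table, it can be integrated by configuring the 'auth_query' query statement.

Enable the MySQL authentication plugin: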

./bin/emqttd_ctl plugins load emq_auth_mysql

PostgreSQL plugin authentication

Authentication against a PostgreSQL database table. The 'mqtt_user' table can be created as follows:

CREATE TABLE mqtt_user (
  id SERIAL primary key,
  is_superuser boolean,
  username character varying(100),
  password character varying(100),
  salt character varying(40)
);

Configure 'auth_query' and 'password_hash' in etc/plugins/emq_auth_pgsql.conf:

## Postgre Server
auth.pgsql.server = 127.0.0.1:5432
auth.pgsql.pool = 8
auth.pgsql.username = root
#auth.pgsql.password =
auth.pgsql.database = mqtt
auth.pgsql.encoding = utf8
auth.pgsql.ssl = false
## Variables: %u = username, %c = clientid, %a = ipaddress
## Authentication Query: select password only
auth.pgsql.auth_query = select password from mqtt_user where username = '%u' limit 1
## Password hash: plain, md5, sha, sha256, pbkdf2
auth.pgsql.password_hash = sha256
## sha256 with salt prefix
## auth.pgsql.password_hash = salt sha256
## sha256 with salt suffix
## auth.pgsql.password_hash = sha256 salt
## Superuser Query
auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1

Enable the PostgreSQL authentication plugin:

./bin/emqttd_ctl plugins load emq_auth_pgsql
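
How the password column of the MySQL and PostgreSQL 'mqtt_user' tables above can be populated for the 'plain', 'sha256', 'salt sha256' and 'sha256 salt' settings, as an added example that is not part of the original article or of the EMQ project. It assumes the plugin compares against the lowercase hex digest, that the salt is concatenated directly before or after the password, and that for the salted modes the auth query also returns the salt column; the function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def emq_password_hash(password, mode="sha256", salt=""):
    """Return the value to store in mqtt_user.password for a password_hash mode.

    Modes follow the config comments above: 'plain', 'sha256',
    'salt sha256' (salt prefix) and 'sha256 salt' (salt suffix).
    """
    if mode == "plain":
        return password
    if mode == "sha256":
        data = password
    elif mode == "salt sha256":
        data = salt + password
    elif mode == "sha256 salt":
        data = password + salt
    else:
        raise ValueError("unsupported password_hash mode: %r" % mode)
    # Assumption: the stored form is the lowercase hex digest
    return hashlib.sha256(data.encode("utf-8")).hexdigest()

def new_user_row(username, password, mode="salt sha256", is_superuser=False):
    """Build a parameterized INSERT for mqtt_user, with a fresh random salt."""
    # 16 hex characters fit both salt columns (varchar(20) and varying(40))
    salt = secrets.token_hex(8) if "salt" in mode else ""
    sql = ("INSERT INTO mqtt_user (username, password, salt, is_superuser) "
           "VALUES (%s, %s, %s, %s)")
    stored = emq_password_hash(password, mode, salt)
    return sql, (username, stored, salt, is_superuser)

def verify(stored, password, mode, salt=""):
    """Recompute the stored value and compare it in constant time."""
    return hmac.compare_digest(stored, emq_password_hash(password, mode, salt))
```

With the unsalted 'sha256' setting, two users with the same password get identical rows; a per-user salt from new_user_row avoids that.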

Redis plugin authentication

Redis authentication. MQTT user records are stored in a Redis Hash, with the key "mqtt_user:<Username>".

Set 'super_cmd', 'auth_cmd' and 'password_hash' in etc/plugins/emq_auth_redis.conf:

## Redis Server
auth.redis.server = 127.0.0.1:6379
## Redis Pool Size
auth.redis.pool = 8
## Redis Database
auth.redis.database = 0
## Redis Password
## auth.redis.password =
## Variables: %u = username, %c = clientid
## Authentication Query Command
auth.redis.auth_cmd = HGET mqtt_user:%u password
## Password hash: plain, md5, sha, sha256, pbkdf2
auth.redis.password_hash = sha256
## Superuser Query Command
auth.redis.super_cmd = HGET mqtt_user:%u is_superuser

Enable the Redis authentication plugin:

./bin/emqttd_ctl plugins load emq_auth_redis

MongoDB plugin authentication

Authentication against a MongoDB user collection. For example, create a 'mqtt_user' collection:

{
    username: "user",
    password: "password hash",
    is_superuser: boolean (true, false),
    created: "datetime"
}

Set 'super_query' and 'auth_query' in etc/plugins/emq_auth_mongo.conf:

## Mongo Server
auth.mongo.server = 127.0.0.1:27017
## Mongo Pool Size
auth.mongo.pool = 8
## Mongo User
## auth.mongo.user =
## Mongo Password
## auth.mongo.password =
## Mongo Database
auth.mongo.database = mqtt
## auth_query
auth.mongo.auth_query.collection = mqtt_user
auth.mongo.auth_query.password_field = password
auth.mongo.auth_query.password_hash = sha256
auth.mongo.auth_query.selector = username=%u
## super_query
auth.mongo.super_query.collection = mqtt_user
auth.mongo.super_query.super_field = is_superuser
auth.mongo.super_query.selector = username=%u

Enable the MongoDB authentication plugin:

./bin/emqttd_ctl plugins load emq_auth_mongo

Reposted from: http://yjrjx.baihongyu.com/
