Hi ,
I am trying to set up mosquitto-go-auth for postgresql and want to test end-to-end so mentioned below all the step what i have tried .
Gone through https://github.com/iegomez/mosquitto-go-auth/ and tried to build docker image using docker-compose.yml which is there in repo.
In docker-compose.yml:
I have mqtt_publish file which generally do the authentication , connect to the broker and publish on a topic .
In publish.py file:
client.username_pw_set("test","testpw")
But getting error like not able to authenticate .
time="2020-01-27T10:19:25Z" level=debug msg="checking auth cache for test"
time="2020-01-27T10:19:25Z" level=debug msg="checking user test with backend Files"
time="2020-01-27T10:19:25Z" level=warning msg="wrong password for user test\n"
Hey, I think you may be mixing things up. From your post I take it that you generated the PBKDF2 password using the pw utility and stored it in a password for the files backend, but how does have to do with Postgres? Also, where’s that client.username_pw_set call coming from?
Hi iegomez,
Actually i want to set up mqtt broker with authentication layer where each client have to validate with their password and topics . This authentication things want to set up through postgresql DB not file based .
Regarding ‘client.username_pw_set’:
In mqtt client connection script this line will be there to check auth.
example :
I have taken user as ‘test’ and password as ‘testpw’ . After the PBKDF2 conversion ‘PBKDF2$sha512$100000$os24lcPr9cJt2QDVWssblQ==$BK1BQ2wbwU1zNxv3Ml3wLuu5//hPop3/LvaPYjjCwdBvnpwusnukJPpcXQzyyjOlZdieXTx6sXAcX4WnZRZZnw==’ . I got this username and password from backends/postgres_test.go. Just dumping manual in postgres db with this details .
I have mentioned below the steps for postgres, what i have done so far:
- create database mqtt_auth;
- create user tc_admin with encrypted password 'tcpassword';
- grant all privileges on database mqtt_auth to tc_admin;
- \c mqtt_auth
- create table test_user(
id bigserial primary key,
username character varying (100) not null,
password_hash character varying (200) not null,
is_admin boolean not null);
- create table test_acl(
id bigserial primary key,
test_user_id bigint not null references test_user on delete cascade,
topic character varying (200) not null,
rw int not null);
- insert into test_user values(1,'test','PBKDF2$sha512$100000$os24lcPr9cJt2QDVWssblQ==$BK1BQ2wbwU1zNxv3Ml3wLuu5//hPop3/LvaPYjjCwdBvnpwusnukJPpcXQzyyjOlZdieXTx6sXAcX4WnZRZZnw==',true);
- insert into test_acl values(1,1,'test_user/#',2);
- GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO tc_admin;
- GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO tc_admin;
With these changes i can authenticate username and password but unable to find out how to give access topic basis authentication .
example:
for username : test , can only publish on ‘first_floor/room1’ . Should give auth error when usename:test try to publish on other topics . This kind of authentication i want to configure . Can you help me out ?