I had troubles getting the postgresql authentication plugin working in Mosquitto. Errors when building the library and finally the offical Mosquitto image couldn’t load the file at all.
(I want to use Mosquitto 2.0.7 etc.)
I’m not even sure I need it since there’s a nice Dynamic Security plugin already included with Mosquitto so I can add the passwords for AS,NS and the individual GWs.
I want to set some gateway ACL and use %c client id pattern. Oh, I also prefixed my topics with eu or us-fsb2 to get it to the right NS.
Right now, with security enabled, I don’t seem to get any data at all from the gateway bridge though somehow even though I tried opening all ACLs too. My admin test # subscription script (in python, using wss://) doesn’t show anything either. Also, I could also get CGB running up to 3.8 on my Dragino and newer versions refused to work.
Perhaps I’ll try to go back to anonymous mode to see if it still works as I had before.
Anyone with more experience and know some pitfalls?
I’ve had many issues with the PostgreSQL plugin (a few times a connection issue took down the Mosquitto instance) and I’m not using it anymore.
An alternative would be to use the client-certificate authentication / authorization. That completely decouples the Mosquitto broker from the other components as using a CA certificate, it is able to validate the client-certificate authenticity. Using the Gateway ID as CN, you can still configure ACLs.
Thanks for the certificate name tip! I can indeed see some option use_identity_as_username that does this. So I just need to put a new certificate and do a rehash.