emqx-auth-pgsql icon indicating copy to clipboard operation
emqx-auth-pgsql copied to clipboard

Published 20 hours ago verified publisher icon emqx

How to use ACL without authentication based only on client id

Open saschathiergart opened this issue 7 years ago • 3 comments

I am using EMQ with the emq_sn plugin. I have activated the emq-auth-pgsql plugin to achieve ACL based on client id. However, as reported in issue #18, the broker denies access for clients that are not authenticated (i.e. with username and password).

To my best knowledge, MQTT-SN does not support authentication (at least it is not specified). This makes the emq-auth-pgsql plugin unusable with MQTT-SN.

is there a chance of decoupling auth and acl or configuring the plugin such that it allows for unauthenticated access?

saschathiergart avatar Apr 28 '17 15:04 saschathiergart

One option (at least for me) would to have some kind of logic in acl.conf. Is something like

{allow, {client, %c}, subscribe, ["testTopics/%c"]}. possible? That would at least allow me make restrictions based on client id, that are not dynamic.

saschathiergart avatar Apr 28 '17 16:04 saschathiergart

For everyone who comes here see issue #1041 in the emqtt repo.

saschathiergart avatar May 08 '17 18:05 saschathiergart

Any movement on this. I am hitting the same issue. Need to auth based on client id from SSL cert.

bradleyd avatar Mar 22 '18 15:03 bradleyd