
How to use Redis as back end for mosquitto ACL (JPmens plugin is used)?

I am working on Mosquitto and plan to use Redis as the back end to handle both username/password pair authentication and ACL. I am using JPmens' authentication plugin to do this. The authentication works well, but I can't make the ACL work. Redis uses unique keys and the usernames (keys in my case) are used in username/password pairs for authentication purposes. I have tried to mix user name, password and topics together in sets/lists, but none of them work.

the mosquitto conf:

auth_plugin /etc/mosquitto/auth-plug.so
auth_opt_backends redis
auth_opt_redis_host 127.0.0.1
auth_opt_redis_port 6379
auth_opt_redis_userquery GET %s
auth_opt_redis_aclquery GET %s-%s

Following name/password pairs are working fine for the authentication

SET user1 PBKDF2$sha256$901$Qh18ysY4wstXoHhk$g8d2aDzbz3rYztvJiO3dsV698jzECxSg

SET user2 PBKDF2$sha256$901$R74X2ae3MufMS20M$CAbXZFDmXJN7Cc28Dm/Z97OfM8Tz1JHn ...

Following settings won't work for the ACL: (a/b... as topics)

sadd user22 PBKDF2$sha256$901$Qh18ysY4wstXoHhk$g8d2aDzbz3rYztvJiO3dsV698jzECxSg a/bc/d

rpush user33 PBKDF2$sha256$901$q5/N74O6Iaf/e8Cg$dEA3tZSi/sJeXKAkX39Gd3agy2WY96gE e/f

What's the correct way to do so? In the Redis API, aclquery shows that:

Single stepping until exit from function be_redis_aclcheck, which has no line number information.

redisCommand (c=0x6537d0, format=0x6561c0 "GET user1-t/c") at hiredis.c:1345
1345    void *redisCommand(redisContext *c, const char *format, ...) {
(gdb) bt
0  redisCommand (c=0x6537d0, format=0x6561c0 "GET my-t/c") at hiredis.c:1345
1  0x00007ffff5e61376 in be_redis_aclcheck () from /etc/mosquitto/auth-plug.so
2  0x00007ffff5e5c351 in mosquitto_auth_acl_check () from /etc/mosquitto/auth-plug.so

Here, user1 is the user name and t/c is the topic. GET user1-t/c seems to tell me a string type is expected in the Redis database. Can anyone give me an example of how to get this to work?

Thanks

I have figured out how it works. If the MQTT broker only allows client user1 to pub and sub the "a/b" and "c/d" topics, the correct ACL data in Redis for the JPmens plugin will be:

user1-a/b 2

user1-c/d 2

"user1-a/c" is the key and 2 is the value.
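The following is an added example, not code from the question or from the auth-plug project. It models how the `auth_opt_redis_aclquery GET %s-%s` template from the question's mosquitto.conf turns (username, topic) into one exact Redis key, generates the SET commands for the answer's ACL, and checks access against an in-memory dict standing in for Redis. The comparison rule (stored integer must be at least the requested access, with 1 = read and 2 = write as in mosquitto's plugin API) is my assumption about the plugin, consistent with the answer's value 2 allowing both pub and sub.

```python
ACL_QUERY = "GET %s-%s"               # auth_opt_redis_aclquery from the question
MOSQ_ACL_READ, MOSQ_ACL_WRITE = 1, 2  # mosquitto plugin access constants


def acl_key(username, topic):
    """Build the exact key the plugin GETs: the template is a plain string
    format, so there is no MQTT wildcard matching (a/# never matches a/b)."""
    return ACL_QUERY.split(" ", 1)[1] % (username, topic)


def set_commands(username, topics, level=MOSQ_ACL_WRITE):
    """redis-cli lines that grant `level` on each topic (2 = pub and sub)."""
    return ["SET %s %d" % (acl_key(username, t), level) for t in topics]


def load(store, commands):
    """Apply 'SET key value' lines to the dict (constructed stand-in for Redis)."""
    for cmd in commands:
        _, key, value = cmd.split(" ", 2)
        store[key] = value


def acl_check(store, username, topic, acc):
    """Assumed plugin semantics: GET the key, parse it as an integer and allow
    when it is >= the requested access. A missing key or a non-numeric value
    (e.g. a password hash stored under a colliding key) denies."""
    value = store.get(acl_key(username, topic))
    if value is None:
        return False
    try:
        return int(value) >= acc
    except ValueError:
        return False


def key_collisions(usernames, topics):
    """'-' joins user and topic, so user 'user1' + topic 'x-a/b' and user
    'user1-x' + topic 'a/b' map to the same key; report such pairs so that
    usernames containing '-' can be rejected before they reach Redis."""
    seen, clashes = {}, []
    for u in usernames:
        for t in topics:
            k = acl_key(u, t)
            if k in seen:
                clashes.append((seen[k], (u, t), k))
            seen.setdefault(k, (u, t))
    return clashes


if __name__ == "__main__":
    redis_db = {}
    load(redis_db, set_commands("user1", ["a/b", "c/d"]))
    print(set_commands("user1", ["a/b", "c/d"]))          # the answer's two SET lines
    print(acl_check(redis_db, "user1", "a/b", MOSQ_ACL_WRITE))   # True
    print(acl_check(redis_db, "user1", "e/f", MOSQ_ACL_READ))    # False
```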

It's not preferred; if Redis goes down for any reason, your entire system will be down also.

It will be an SPF (single point of failure) in your architecture.
