Open andreas-ibm opened 1 year ago
Maybe just use:
$ docker exec mosquitto mosquitto_passwd -b /mosquitto/pwfile/pwfile someuser somepassword
where /mosquitto/pwfile/pwfile
is the path associated with the password_file
directive in your mosquitto.conf
, as in:
password_file /mosquitto/pwfile/pwfile
If you want to prepare an offline password file then you can use the same approach to create one by adding the -c
flag when you define the first user:
$ docker exec mosquitto mosquitto_passwd -c -b /mosquitto/pwfile/myfile firstuser firstpassword
and then you can go back to the original command syntax:
$ docker exec mosquitto mosquitto_passwd -b /mosquitto/pwfile/myfile seconduser secondpassword
If passwords turning up in your history log bothers you then you have two choices:
Put a space before the docker
, as in:
$ docker exec mosquitto mosquitto_passwd -b /mosquitto/pwfile/myfile thirduser thirdpassword
That leading space prevents the command from going into the history.
Use interactive mode by adding the -it
flags to the docker exec
command, and omitting both the -b
flag and the password argument from the mosquitto_passwd
command:
$ docker exec -it mosquitto mosquitto_passwd /mosquitto/pwfile/myfile fourthuser
Password:
Reenter password:
But I don't have docker, this is running on a remote kubernetes instance.
Hi Andreas,
We had a discussion about standalone password file generation (in pre-PBKDF2 times) on the mailing list prompted by a similar need.
I did some work on a PHP implementation (see initial response to the ml question) and ended up doing a rudimentary PHP script for the, then solely supported, SHA512 based algorithm.
You can find it at my tools repository (GPL-3.0-or-later): https://git.sr.ht/~mikini/hometools/tree/master/item/mosquitto_passwd.php.
There's also a bit about it, and some more recent thoughts on PBKDF2 support, on my blog: Generating passwords for Mosquitto MQTT broker using PHP.
Regards, Mikkel
Thanks Mikkel,
cool, that's helpful... I guess I should be able to make an OpenSSL based on quite trivially too!
cheers, Andreas
When running mosquitto as part of a containerised environment, it is handy to be able to generate the password file outside the container running mosquitto. At the moment the only way to get
mosquitto_passwd
is through installing the entire broker, which kinda defeats the containerised approach... If only there was a package with just the_passwd
utility, or with in theclient
package then it would make life easier (yes, that possible needs to be aimed at Debian maintainers etc).Is there a way to generate the password hashes in a scriptable, standalone way? I noticed
openssl passwd -6
can generate the "old" style passwords, but I really would prefer PBKDF2 hashes :-)