search

eclipse / paho.mqtt-sn.embedded-c

Paho C MQTT-SN gateway and libraries for embedded systems. Paho is an Eclipse IoT project.
https://eclipse.org/paho
Other
315 stars 178 forks source link

Securing the gateway #133

Closed FuzzyPones closed 6 years ago

FuzzyPones commented 6 years ago

Hello everyone,

I wonder how to secure message sending besides SSL and setting clients in clients.conf specifically. In my use-case i have 1 to n devices that i do not know the clientID of or it has a specific pattern like "Client_kufakdhsffdsfg" .

You can set a username and password on the mosquitto broker so i wondered if something similiar is possible with this Gateway. Is forwarding maybe a solution for this? From what i have read you can encapsulate messages with this. Could i encapsulate an MQTT message with username and password and forward it? I would still have the Problem with the unknown client-id though ...

I am not so super fit in MQTT so excuse my noobishness.

ty4tw commented 6 years ago

Set a user name and password of the gateway by a gateway.conf. All clients can share the same name and password.

FuzzyPones commented 6 years ago

So if i get it right: I configure the clients in clients.conf, set a topic for a user who has a password for a topic in mosquitto and the clients that are allowed by clients.conf will use the password configured in gateway.conf, right?

What if i want more than one username / password combination? Set up more gateways ? It is not possible to forward username and password through the gateway?

What if i don't care about the client's ID but want to allow them to send messages when the username / password is correct?

ty4tw commented 6 years ago

MQTT-SN CONNECT message has no user name and password. This means the protocol does not support what you want to do.

2018年8月28日(火) 0:59 Barry notifications@github.com:

So if i get it right: I configure the clients in clients.conf, set a topic for a user who has a password for a topic in mosquitto and the clients that are allowed by clients.conf will use the password configured in gateway.conf, right?

What if i want more than one username / password combination? Set up more gateways ? It is not possible to forward username and password through the gateway?

What if i don't care about the client's ID but want to allow them to send messages when the username / password is correct?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/eclipse/paho.mqtt-sn.embedded-c/issues/133#issuecomment-416275653, or mute the thread https://github.com/notifications/unsubscribe-auth/AHd9BNjhNeKbwtIfbaIuTAsk9zy4PrZdks5uVBdwgaJpZM4WMwKj .