search

emqx / emqx-auth-pgsql

EMQX PostgreSQL Authentication Plugin
https://www.emqx.io
Apache License 2.0
36 stars 29 forks source link

How to use ACL without authentication based only on client id #54

Open saschathiergart opened 7 years ago

saschathiergart commented 7 years ago

I am using EMQ with the emq_sn plugin. I have activated the emq-auth-pgsql plugin to achieve ACL based on client id. However, as reported in issue #18, the broker denies access for clients that are not authenticated (i.e. with username and password).

To my best knowledge, MQTT-SN does not support authentication (at least it is not specified). This makes the emq-auth-pgsql plugin unusable with MQTT-SN.

is there a chance of decoupling auth and acl or configuring the plugin such that it allows for unauthenticated access?

saschathiergart commented 7 years ago

One option (at least for me) would to have some kind of logic in acl.conf. Is something like

{allow, {client, %c}, subscribe, ["testTopics/%c"]}. possible? That would at least allow me make restrictions based on client id, that are not dynamic.

saschathiergart commented 7 years ago

For everyone who comes here see issue #1041 in the emqtt repo.

bradleyd commented 6 years ago

Any movement on this. I am hitting the same issue. Need to auth based on client id from SSL cert.