search

emqx / emqx-auth-username

EMQX Authentication with Username and Password
https://emqx.io
Apache License 2.0
18 stars 22 forks source link

defalut username/password not disabling #140

Closed sphonala closed 4 years ago

sphonala commented 4 years ago

Hi, I've install emqx server on aws instance, I've enabled emqx-auth-username plugin and updated with my 'username' and 'password' and removed default user 'admin'/'public123', but it still accepting connections on default username and password.

emqplus commented 4 years ago

@sphonala turn off the allow_anonymous in etc/emqx.conf

## Allow anonymous authentication by default if no auth plugins loaded.
## Notice: Disable the option in production deployment!
##
## Value: true | false
allow_anonymous = true
sphonala commented 4 years ago

yes, turned off and restarted emqx and rebooted also. etc/emqx/emqx.conf allow_anonymous = false

emqplus commented 4 years ago

@zhengyupan Please check the issue

sphonala commented 4 years ago

machine configuration: Distributor ID: Ubuntu Description: Ubuntu 16.04.6 LTS Release: 16.04 Codename: xenial

installed via repository https://docs.emqx.io/broker/latest/en/install.html#ubuntu

zhengyupan commented 4 years ago

Hi @sphonala , Could you please let me know the EMQ X's version number and upload your conf files here, I will check. Thank you!

sphonala commented 4 years ago

version emqx-4.0.1

https://we.tl/t-rmsCoYxFrB

zhengyupan commented 4 years ago

Hi @sphonala , If you use the auth_username to authenticate clients, the user info cannot be removed. if you want to remove a user, you will need to delete the contents in /var/lib/emqx/data/ and restart the service, then the db will be recreated. We don't suggest using auth_username in production environment. For its simplicity, it may be good for functional test.

emqplus commented 4 years ago

@zhengyupan As I know, the emqx_auth_username plugin provides a CLI to remove the existed users.

@sphonala Please try users list and users del <Username>

zhengyupan commented 4 years ago

@emqplus Thank you!

@sphonala please use emqx_ctl tool comes with the emqx to delete user. To make the deletion permanent, you will need to

  1. delete the user emqx_ctl users del <username>
  2. remove the user from file emqx_auth_username

without the step 2, the user will be still able to connect after restart.

sphonala commented 4 years ago

Ok. Got it. Thank you.

HJianBo commented 4 years ago

Hi, @sphonala Is the problem resolved?

sphonala commented 4 years ago

Hello @HJianBo, it's resolved.