iegomez / mosquitto-go-auth

Auth plugin for mosquitto.
MIT License

Not authenticating with mysql db #299

Closed brennyn21 closed 9 months ago

brennyn21 commented 9 months ago

I have tried several times to get the go-auth working with Mosquitto. I am currently running Ubuntu 18.04; I have tried on Debian 10, 11, and Ubuntu 20.04 without having success.

The service is running, but I am receiving an error not authorized. I set up the password hash in the conf to match what is in the database. I used the pw utility to test it and it was correct. I have logs set to debug and will post them below as well with my mosquitto.conf file. I tried this in a docker container as well. Same issue. I can query my database and the queries work fine. So I am hoping I have an error elsewhere. I know the username and password are correct and I also tried using a different user account and password.

It looks to be something with the plugin, because I do not get any other log after it checks the username against the database. I would assume I would get authentication failed or something similar.

php function to generate hash for the db

```php
define("PBKDF2_HASH_ALGORITHM", "sha256");
define("PBKDF2_ITERATIONS", 901);
define("PBKDF2_SALT_BYTE_SIZE", 12);
define("PBKDF2_HASH_BYTE_SIZE", 24);
define("SEPARATOR", "$");
define("TAG", "PBKDF2");
```

Mosquitto Log

```
1697581012: mosquitto version 2.0.15 starting
1697581012: Config loaded from /etc/mosquitto/mosquitto.conf.
1697581012: Loading plugin: /etc/mosquitto/auth-plug/go-auth.so
1697581012: ├── Username/password checking enabled.
1697581012: ├── TLS-PSK checking enabled.
1697581012: └── Extended authentication not enabled.
1697581012: Opening ipv4 listen socket on port 1883.
1697581012: Opening ipv6 listen socket on port 1883.
1697581012: Opening websockets listen socket on port 9001.
1697581012: Opening websockets listen socket on port 9002.
1697581012: Opening ipv4 listen socket on port 8883.
1697581012: Opening ipv6 listen socket on port 8883.
1697581012: mosquitto version 2.0.15 running
1697581019: New connection from 24.116.127.230:64666 on port 1883.
1697581019: Sending CONNACK to mqttjs_f6edb5ea (0, 5)
1697581019: Client mqttjs_f6edb5ea disconnected, not authorised.
```

Mosquitto Auth Log

```
time="2023-10-17T22:38:20Z" level=info msg="Cleaning up plugin"
time="2023-10-17T22:38:20Z" level=info msg="Backend registered: Mysql"
time="2023-10-17T22:38:20Z" level=info msg="registered acl checker: mysql"
time="2023-10-17T22:38:20Z" level=info msg="registered user checker: mysql"
time="2023-10-17T22:38:20Z" level=info msg="registered superuser checker: mysql"
time="2023-10-17T22:38:20Z" level=info msg="No cache set."
time="2023-10-17T22:38:31Z" level=debug msg="checking user brennyn21 with backend Mysql"
```

mosquitto.conf

```
pid_file /var/run/mosquitto/mosquitto.pid
autosave_interval 1800
persistence true
persistence_file m2.db
persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log
connection_messages true
log_timestamp true
log_type all

include_dir /etc/mosquitto/conf.d
allow_anonymous false
auth_plugin /etc/mosquitto/go-auth.so

auth_opt_hasher pbkdf2
auth_opt_hasher_salt_size 12
auth_opt_hasher_iterations 901
auth_opt_hasher_keylen 24
auth_opt_hasher_algorithm sha256
auth_opt_hasher_salt_encoding base64

auth_opt_backends mysql
auth_opt_mysql_host
auth_opt_mysql_port
auth_opt_mysql_dbname phpbb
auth_opt_mysql_user
auth_opt_mysql_password
auth_opt_mysql_userquery select user_yim from phpbb_users where username = ? LIMIT 1
auth_opt_mysql_superquery SELECT IFNULL(COUNT(*), 0) FROM phpbb.phpbb_users WHERE username = ? AND user_id = 34645
auth_opt_mysql_aclquery SELECT CONCAT(username, '/#'), 'read' FROM phpbb_users WHERE username=?
auth_opt_mysql_allow_native_passwords true
auth_opt_mysql_protocol tcp
auth_opt_retry_count 5
auth_opt_log_level debug
auth_opt_log_dest file
auth_opt_log_file /var/log/mosquitto/mosquittoauth.log

listener 1883

listener 9001
protocol websockets

listener 9002
protocol websockets
```
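One way to check a stored value against the `auth_opt_hasher_*` settings posted above, as an added example that is not part of the original issue or the plugin's own code. It assumes the stored string is laid out as `PBKDF2$algorithm$iterations$salt$hash` with a base64 hash, and tries the salt field both as base64-decoded bytes and as raw text; `parse_stored`, `check` and `make_stored` are hypothetical names and the sample records are constructed.

```python
import base64
import hashlib
import hmac

# Values taken from the auth_opt_hasher_* lines in the posted mosquitto.conf.
CONFIG = {"algorithm": "sha256", "iterations": 901, "keylen": 24}


def parse_stored(stored):
    """Split an assumed TAG$algorithm$iterations$salt$hash string."""
    parts = stored.split("$")
    if len(parts) != 5 or parts[0] != "PBKDF2":
        raise ValueError("expected 5 '$'-separated fields starting with PBKDF2")
    _tag, algorithm, iterations, salt, digest = parts
    return algorithm, int(iterations), salt, base64.b64decode(digest)


def check(password, stored, config=CONFIG):
    """Return (salt readings that verify, parameters that differ from config)."""
    algorithm, iterations, salt, digest = parse_stored(stored)
    candidates = {"utf-8": salt.encode()}  # salt field used as raw text
    try:
        candidates["base64"] = base64.b64decode(salt, validate=True)
    except ValueError:
        pass  # not valid base64, so only the raw-text reading applies
    matches = [
        name for name, raw in candidates.items()
        if hmac.compare_digest(
            hashlib.pbkdf2_hmac(algorithm, password.encode(), raw,
                                iterations, len(digest)), digest)
    ]
    found = {"algorithm": algorithm, "iterations": iterations,
             "keylen": len(digest)}
    return matches, [k for k, v in found.items() if config[k] != v]


def make_stored(password, salt_text, salt_as_text):
    """Build a constructed sample record; not the PHP function from the post."""
    raw = salt_text.encode() if salt_as_text else base64.b64decode(salt_text)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), raw, 901, 24)
    return "$".join(["PBKDF2", "sha256", "901", salt_text,
                     base64.b64encode(dk).decode()])


if __name__ == "__main__":
    salt = base64.b64encode(bytes(range(12))).decode()  # constructed 12-byte salt
    for as_text in (True, False):
        print(check("s3cret", make_stored("s3cret", salt, as_text)))
```

If only the `utf-8` reading verifies, the hash was derived from the salt text itself rather than its decoded bytes, which would not line up with `auth_opt_hasher_salt_encoding base64`.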