Open-source, scalable, and fault-tolerant MQTT broker able to handle 4M+ concurrent client connections, supporting at least 3M messages per second throughput per single cluster node with low latency delivery. The cluster mode supports more than 100M concurrently connected clients.
Is your feature request related to a problem? Please describe.
No, it is just an optimisation to reduce number of devices.
Describe the solution you'd like
Mixed authentication between X.509 certificate and Basic authentication.
We have TBMQ listening on a public IP address on port 8883 for X.509 authentication only and port 1883 on an Internal subnet and also on a VPN IP subnet. We would like to configure a single device that will allow X.509 authentication using the certificate CN on port 8883 or authenticate the same client_id (as the certificate CN) on port 1883 if it comes in through the VPN address or internal address. Without this we will need to set up 2 devices for each physical device.
Describe alternatives you've considered
TBMQ already does combination of authentication based on client_id, username, password, etc, but when you configure a device as X.509 certificate based the configuration there is no facility to also enable Basic authentication.
Is your feature request related to a problem? Please describe. No, it is just an optimisation to reduce number of devices.
Describe the solution you'd like Mixed authentication between X.509 certificate and Basic authentication.
We have TBMQ listening on a public IP address on port 8883 for X.509 authentication only and port 1883 on an Internal subnet and also on a VPN IP subnet. We would like to configure a single device that will allow X.509 authentication using the certificate CN on port 8883 or authenticate the same client_id (as the certificate CN) on port 1883 if it comes in through the VPN address or internal address. Without this we will need to set up 2 devices for each physical device.
Describe alternatives you've considered TBMQ already does combination of authentication based on client_id, username, password, etc, but when you configure a device as X.509 certificate based the configuration there is no facility to also enable Basic authentication.
Additional context