search

thingsboard / tbmq

Open-source, scalable, and fault-tolerant MQTT broker able to handle 4M+ concurrent client connections, supporting at least 3M messages per second throughput per single cluster node with low latency delivery. The cluster mode supports more than 100M concurrently connected clients.
https://thingsboard.io/products/mqtt-broker/
Apache License 2.0
572 stars 46 forks source link

[Feature Request] #56

Open DavidHill0809 opened 1 year ago

DavidHill0809 commented 1 year ago

Is your feature request related to a problem? Please describe. No, it is just an optimisation to reduce number of devices.

Describe the solution you'd like Mixed authentication between X.509 certificate and Basic authentication.

We have TBMQ listening on a public IP address on port 8883 for X.509 authentication only and port 1883 on an Internal subnet and also on a VPN IP subnet. We would like to configure a single device that will allow X.509 authentication using the certificate CN on port 8883 or authenticate the same client_id (as the certificate CN) on port 1883 if it comes in through the VPN address or internal address. Without this we will need to set up 2 devices for each physical device.

Describe alternatives you've considered TBMQ already does combination of authentication based on client_id, username, password, etc, but when you configure a device as X.509 certificate based the configuration there is no facility to also enable Basic authentication.

Additional context

dmytro-landiak commented 1 year ago

Thank you for the request, we will consider it and will get back here once we have more updates for you regarding this topic.