EMQ X以用户认证方式访问而非匿名方式 EMQ XAuthenticationemqx
程序员文章站
2024-01-30 12:32:10
...
【问题】客户端通过mosquitto发布或者订阅消息出现认证不通过问题
mosquitto_pub -h 172.17.6.150 -t GFTm/010/01012345678 -q 1 -u can_do -P passw0rd -d -m "Hello can_do 22"
Client mosq/WIcXPDp8MXe9MXGJbH sending CONNECT
Client mosq/WIcXPDp8MXe9MXGJbH received CONNACK (5)
Connection Refused: not authorised.
【分析解决】
=>resoved=> 开启用户认证访问需要三步
=>【1/3】关闭匿名访问,vim /data/emqx/etc/emqx.conf,allow_anonymous = false
=>【2/3】开启认证插件,enable plugin of [emqx_auth_username]
# ./emqx_ctl plugins load emqx_auth_username
Start apps: [emqx_auth_username]
Plugin emqx_auth_username loaded successfully.
# ./emqx_ctl plugins list |grep true
Plugin(emqx_auth_username, version=v3.1.0, description=EMQ X Authentication with Username and Password, active=true)
Plugin(emqx_dashboard, version=v3.1.0, description=EMQ X Web Dashboard, active=true)
Plugin(emqx_management, version=v3.1.0, description=EMQ X Management API and CLI, active=true)
Plugin(emqx_recon, version=v3.1-rc.2, description=EMQ X Recon Plugin, active=true)
Plugin(emqx_retainer, version=v3.1.0, description=EMQ X Retainer, active=true)
Plugin(emqx_rule_engine, version=v3.1.0, description=EMQ X Rule Engine, active=true)
=>【3/3】添加认证用户
# ./emqx_ctl users add user_tm passw0rd
ok
# ./emqx_ctl users list
can_do
【解决后验证】
C:\WINDOWS\system32>mosquitto_pub -h 172.17.6.116 -t top -q 1 -u user_tm -P passw0rd -d -m "Hello can_do 28"
Client mosq/QYIrbUlElewIF5ztNS sending CONNECT
Client mosq/QYIrbUlElewIF5ztNS received CONNACK (0)
Client mosq/QYIrbUlElewIF5ztNS sending PUBLISH (d0, q1, r0, m1, 'top', ... (15 bytes))
Client mosq/QYIrbUlElewIF5ztNS received PUBACK (Mid: 1, RC:0)
Client mosq/QYIrbUlElewIF5ztNS sending DISCONNECT
C:\WINDOWS\system32>mosquitto_pub -h 172.17.6.116 -t top -q 1 -u can_do? -P passw0rd -d -m "Hello can_do 27"
Client mosq/f89yr2MJLTUHotlGQg sending CONNECT
Client mosq/f89yr2MJLTUHotlGQg received CONNACK (5)
Connection Refused: not authorised.
C:\WINDOWS\system32>mosquitto_pub -h 172.17.6.116 -t top -q 1 -u can_do -P passw0rd? -d -m "Hello can_do 27"
Client mosq/fAbTFE0ok9W8kMIXeE sending CONNECT
Client mosq/fAbTFE0ok9W8kMIXeE received CONNACK (4)
Connection Refused: bad user name or password.
【小结】用户名或者密码错误,认证都不能通过。
需要区分用户有admins和users组,用户接口认证的用户必须是users组中的,
因为默认的admin用户是admina组中,所以是没有访问权限的。另外需要的认证用户通过./emqx_ctl userss add添加,而不是./emqx_ctl admins add添加。
【温馨提示】
如果您觉得满意,可以选择支持下,您的支持是我最大的动力:
mosquitto_pub -h 172.17.6.150 -t GFTm/010/01012345678 -q 1 -u can_do -P passw0rd -d -m "Hello can_do 22"
Client mosq/WIcXPDp8MXe9MXGJbH sending CONNECT
Client mosq/WIcXPDp8MXe9MXGJbH received CONNACK (5)
Connection Refused: not authorised.
【分析解决】
=>resoved=> 开启用户认证访问需要三步
=>【1/3】关闭匿名访问,vim /data/emqx/etc/emqx.conf,allow_anonymous = false
=>【2/3】开启认证插件,enable plugin of [emqx_auth_username]
# ./emqx_ctl plugins load emqx_auth_username
Start apps: [emqx_auth_username]
Plugin emqx_auth_username loaded successfully.
# ./emqx_ctl plugins list |grep true
Plugin(emqx_auth_username, version=v3.1.0, description=EMQ X Authentication with Username and Password, active=true)
Plugin(emqx_dashboard, version=v3.1.0, description=EMQ X Web Dashboard, active=true)
Plugin(emqx_management, version=v3.1.0, description=EMQ X Management API and CLI, active=true)
Plugin(emqx_recon, version=v3.1-rc.2, description=EMQ X Recon Plugin, active=true)
Plugin(emqx_retainer, version=v3.1.0, description=EMQ X Retainer, active=true)
Plugin(emqx_rule_engine, version=v3.1.0, description=EMQ X Rule Engine, active=true)
=>【3/3】添加认证用户
# ./emqx_ctl users add user_tm passw0rd
ok
# ./emqx_ctl users list
can_do
【解决后验证】
C:\WINDOWS\system32>mosquitto_pub -h 172.17.6.116 -t top -q 1 -u user_tm -P passw0rd -d -m "Hello can_do 28"
Client mosq/QYIrbUlElewIF5ztNS sending CONNECT
Client mosq/QYIrbUlElewIF5ztNS received CONNACK (0)
Client mosq/QYIrbUlElewIF5ztNS sending PUBLISH (d0, q1, r0, m1, 'top', ... (15 bytes))
Client mosq/QYIrbUlElewIF5ztNS received PUBACK (Mid: 1, RC:0)
Client mosq/QYIrbUlElewIF5ztNS sending DISCONNECT
C:\WINDOWS\system32>mosquitto_pub -h 172.17.6.116 -t top -q 1 -u can_do? -P passw0rd -d -m "Hello can_do 27"
Client mosq/f89yr2MJLTUHotlGQg sending CONNECT
Client mosq/f89yr2MJLTUHotlGQg received CONNACK (5)
Connection Refused: not authorised.
C:\WINDOWS\system32>mosquitto_pub -h 172.17.6.116 -t top -q 1 -u can_do -P passw0rd? -d -m "Hello can_do 27"
Client mosq/fAbTFE0ok9W8kMIXeE sending CONNECT
Client mosq/fAbTFE0ok9W8kMIXeE received CONNACK (4)
Connection Refused: bad user name or password.
【小结】用户名或者密码错误,认证都不能通过。
需要区分用户有admins和users组,用户接口认证的用户必须是users组中的,
因为默认的admin用户是admina组中,所以是没有访问权限的。另外需要的认证用户通过./emqx_ctl userss add添加,而不是./emqx_ctl admins add添加。
【温馨提示】
如果您觉得满意,可以选择支持下,您的支持是我最大的动力: