EMQ X Authentication (2)-Core Concepts and Configuration Points of MQTT Connection Authentication in EMQ X

Preface

Authentication method

Authentication results

Anonymous Authentication

# etc/emqx.conf## Value: true | falseallow_anonymous = true

Password salting rules and hash methods

# etc/plugins/emqx_auth_mysql.conf## only hash is used without saltauth.mysql.password_hash = sha256## salt prefix: use sha256 to encrypt salt + passwordauth.mysql.password_hash = salt,sha256## salt suffix: encrypted password using sha256 + saltauth.mysql.password_hash = sha256,salt## pbkdf2 with macfun iterations dklen## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512## auth.mysql.password_hash = pbkdf2,sha256,1000,20

How to generate authentication information

EMQ X authentication process

Authentication chain

MQTT TLS authentication

listener.ssl.external = 8883
listener.ssl.external.keyfile = etc/certs/key.pemlistener.ssl.external.certfile = etc/certs/cert.pemlistener.ssl.external.cacertfile = etc/certs/cacert.pem
listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA

PSK authentication

#listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,...listener.ssl.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
$ emqx_ctl plugins load emqx_psk_file
client1:1234client2:abcd

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
EMQ Technologies

EMQ is an open-source IoT data infrastructure software provider, delivering the world’s leading open-source MQTT message broker and stream processing database.