Authentication
==============


three choices for authentication::

    1. password files
    2. authentication plugins
    3. unauthorised/anonymous access

1. Password files
-----------------

命令::

    // 新建用户
    $ mosquitto_passwd -c <password file> <username>

    // 添加用户
    $ mosquitto_passwd <password file> <username>

    // 移除用户
    $ mosquitto_passwd -D <password file> <username>

    // 更新密码
    $ mosquitto_passwd <password file> <username> <password>


Configuring the broker::

    普通配置:
    password_file <path to the configuration file>

    设定 ``per_listener_settings true`` 选项:
    listener 1883
    password_file /etc/mosquitto/password_file



2. Authentication plugins
-------------------------

Configuring the plugin::

    // For 2.0 and up, use the plugin option:
    listener 1883
    plugin <path to plugin>

Available plugins::

    1. Dynamic security: 
        https://mosquitto.org/documentation/dynamic-security/
        for 2.0 and up only, provided by the Mosquitto project 
        to give flexible in-broker clients, groups, and roles that can be administered remotely.
    2. mosquitto-go-auth:
        which offers the use of a variety of backends to store user data, such as mysql, jwt, or redis.




3. unauthorised/anonymous access
--------------------------------

配置::

    listener 1883
    allow_anonymous true


It is valid to allow anonmous and authenticated access on the same broker. In particular the dynamic security plugin allows you to assign different rights to anonymous users than to authenticated users, which may be useful for read-only access to data for example.

参考
----

* Authentication methods: https://mosquitto.org/documentation/authentication-methods/