You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I believe this is a bug, because it leads to inconsistent behavior for authN using username/password and certificate.
I need Mosquitto to allow connections for some clients with valid certificates. In order to implement this I configure mosquitto to require certificate and use dynamic-security plugin to configure ACLs. In dynamic-security I create clients only for the certificate CNs I want to allow, and grant only permissions they should have. Sometimes I need to disable clients.
According to documentation deleting or disabling client should disconnect currently connected clients and forbid future connections.
There are following problems:
When the client does not exist, the connection can still be established. No permissions are granted though: any attempt to subscribe or publish is denied.
When client exists and is disabled, it can perform any granted operations.
I tested such functionality for username/password authN and it works fine - when the client does not exist or is disabled, the connection cannot be established.
I believe this is a bug, because it leads to inconsistent behavior for authN using username/password and certificate.
I need Mosquitto to allow connections for some clients with valid certificates. In order to implement this I configure mosquitto to require certificate and use dynamic-security plugin to configure ACLs. In dynamic-security I create clients only for the certificate CNs I want to allow, and grant only permissions they should have. Sometimes I need to disable clients.
According to documentation deleting or disabling client should disconnect currently connected clients and forbid future connections.
There are following problems:
I tested such functionality for username/password authN and it works fine - when the client does not exist or is disabled, the connection cannot be established.
mosquitto.conf
The text was updated successfully, but these errors were encountered: