On 09/08/2013 02:23 PM, Stefano Costa wrote:
> Sure I'm studying this, trying also to understand if I can achieve my other goal
> of having each user "confined" under a specific topics tree (see my other post
> today). Or better: my colleagues will, I'm not (any more) so good at building
> real C/C++ applications!
Sure, that's a pretty basic requirement :)
We use an ACL like this:
------------
# Allow local (anonymous) users full access
topic #
# This is required so that bridge status notifications work
pattern write $SYS/broker/connection/%c/state
# secure clients from the net can only access their own topics.
pattern +/%u/#
------------
We then have the mosquitto conf set up with two listeners: the "primary" listener
is anonymous but bound to localhost only, so only our own services can connect.
The second listener is tls-psk, and each client can only read/write to the
+/%u/# tree. (With "use_identity_as_username true")
Sincerely,
Karl P
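
The confinement this ACL gives can be checked offline with a small model of it. This is an added example, not part of the original message and not mosquitto's own code: the matcher is a simplified reimplementation, refusing ids that contain `+`, `#` or `/` is this example's own assumption, and the usernames, client ids and topics used to exercise it are constructed.

```python
# Added example: simplified model of the ACL in this thread, not mosquitto's code.
ACL_TEXT = """\
# Allow local (anonymous) users full access
topic #
pattern write $SYS/broker/connection/%c/state
pattern +/%u/#
"""

def parse_acl(text):
    """Return (kind, access, topic) tuples; access defaults to readwrite."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] not in ("topic", "pattern"):
            continue  # comment or blank line
        access = parts[1] if len(parts) == 3 else "readwrite"
        rules.append((parts[0], access, parts[-1]))
    return rules

def topic_matches(sub, topic):
    """MQTT filter match: '+' is one level, '#' is the remainder."""
    if sub.startswith("$") != topic.startswith("$"):
        return False  # plain wildcards never reach $SYS topics
    s, t = sub.split("/"), topic.split("/")
    for i, level in enumerate(s):
        if level == "#":
            return True
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(s) == len(t)

def allowed(rules, username, client_id, topic, action):
    """action is 'read' or 'write'; username None is an anonymous client."""
    for kind, access, pat in rules:
        if access not in ("readwrite", action):
            continue
        if kind == "topic" and username is not None:
            continue  # topic lines before any 'user' line: anonymous only
        if kind == "pattern":
            if "%u" in pat and username is None:
                continue  # no username to substitute
            if any(c in (username or "") + client_id for c in "+#/"):
                continue  # assumption: refuse ids that would alter the pattern
            pat = pat.replace("%u", username or "").replace("%c", client_id)
        if topic_matches(pat, topic):
            return True
    return False

RULES = parse_acl(ACL_TEXT)
```

In this model the anonymous `topic #` rule does not cover `$SYS/...` topics, which is why the separate write-only bridge state pattern is needed.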