I currently have a broker that accepts connections from users using TLS-PSK, as well as users that use username/password. The first set of users are from a 3rd party, so they must connect using TLS-PSK. The second set of users are services written in Go, where the mqtt library doesn't support TLS-PSK, so I have to use a normal username/password login over SSL.
I have 2 problems:
1) I want to use an auth plugin (https://github.com/jpmens/mosquitto-auth-plug) to use HTTP to do authentication. The plugin says it supports using TLS-PSK, but only if you set the `use_identity_as_username` flag. Unfortunately, setting this flag will disable normal username/password authentication. The only way I can think of to possibly work around this is to set up 2 bridged brokers, one for the first set of users, one for the second set of users, and have each broker use a different auth method. This seems pretty complicated though. Is there another way around this issue?
2) Because I can't set the `use_identity_as_username` flag, I can't restrict topics in the ACL based on a username wildcard for clients that authenticate with TLS-PSK. Is there some way to get around this as well?
Thanks,
Jeff
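The single-broker layout the question is circling around, as an added example rather than anything from the original post: it assumes a Mosquitto version with `per_listener_settings` (1.5 or later), so that `use_identity_as_username` applies only to the PSK listener while the password listener keeps normal username/password auth. The HTTP backend URIs, PSK file path and topic names are placeholders, not values from the post.

```conf
# Added example, not from the post. Assumes Mosquitto >= 1.5.
# Makes auth_plugin, use_identity_as_username, acl_file etc. apply
# per listener instead of globally.
per_listener_settings true

# ---- Listener 1: third-party clients, TLS-PSK only ----------------------
listener 8883
psk_hint mybroker
psk_file /etc/mosquitto/psk.txt           # placeholder path: "identity:hexkey" lines
# PSK identity becomes the MQTT username, which is what the plugin needs.
use_identity_as_username true
auth_plugin /usr/lib/mosquitto-auth-plug/auth-plug.so
auth_opt_backends http
auth_opt_http_ip 127.0.0.1               # placeholder auth service
auth_opt_http_port 8080
auth_opt_http_getuser_uri /auth
auth_opt_http_superuser_uri /superuser
auth_opt_http_aclcheck_uri /acl
allow_anonymous false

# ---- Listener 2: Go services, username/password over TLS ----------------
listener 8884
cafile   /etc/mosquitto/certs/ca.crt      # placeholder cert paths
certfile /etc/mosquitto/certs/broker.crt
keyfile  /etc/mosquitto/certs/broker.key
# No use_identity_as_username here, so username/password is honoured.
auth_plugin /usr/lib/mosquitto-auth-plug/auth-plug.so
auth_opt_backends http
auth_opt_http_ip 127.0.0.1
auth_opt_http_port 8080
auth_opt_http_getuser_uri /auth
auth_opt_http_superuser_uri /superuser
auth_opt_http_aclcheck_uri /acl
allow_anonymous false
```

With `use_identity_as_username` in effect on the PSK listener, a Mosquitto ACL `pattern` rule such as `pattern readwrite devices/%u/#` would also key off the PSK identity, which addresses the second question without a bridge.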