Re: [mosquitto-dev] RFC: add listener_allow_anonymous

> Kurt Van Dijck <dev.kurt@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> > > In order to have authenticated access to my MQTT box from outside,
> > > I set allow_anonymous to 1. This does have the side effect that
oops, sed s/1/0/
> > > my local programs also need a 'dummy' username+password to authenticate.
> > > This dummy username+password is then usable from outside also.
> > > 
> > > I addressed this by adding the patch below. It allows MQTT to be
> > > configured to allow anonymous connections from localhost, and
> > > authenticated connections from outside.
> > 
> > Today, I solved my issue differently by adding a
> > 'listener_allow_anonymous' config option. This is easier to add
> > and the backward compatibility is simpler.
> > 
> > Since I typically use a TLS-enabled port for outside access and
> > a non-TLS port for local use, this fits my problem as well.
> > 
> > Is this a valuable thing to do? Is it right?
> > How else should I address my problem?
> 
> Why not just a separate listener that only listens on localhost?

I think that before my patch, both listeners share the 'allow_anonymous' setting
which makes the public listener accessible anonymously. The same applies
to a dummy user+password.

So, I didn't understand how your suggestion alone helps me out.

With this 'listener_allow_anonymous', I can indeed make a listener allow
anonymous localhost connections, and a public listener that enforces
authentication.

Kind regards,

Kurt
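
The shared-setting problem discussed in this message, as an added example that is not part of the thread or of the Mosquitto code base: a small audit that reads a broker config and reports which listeners accept anonymous clients and whether each is reachable beyond loopback. It models Mosquitto's existing `per_listener_settings` and `allow_anonymous` options rather than the proposed `listener_allow_anonymous` patch, whose syntax is not shown here. Assumptions: the sample configs, port 8883, and the `default_anonymous` fallback are constructed for illustration.

```python
import ipaddress

# Constructed sample configs (not from the thread). Port 8883 stands in for the public listener.
SHARED = """allow_anonymous true
listener 1883 127.0.0.1
listener 8883
"""
SPLIT = """per_listener_settings true
listener 1883 127.0.0.1
allow_anonymous true
listener 8883
allow_anonymous false
"""

def is_loopback(bind):
    """No bind address means all interfaces; unresolvable names count as reachable."""
    if bind is None:
        return False
    try:
        return bind == "localhost" or ipaddress.ip_address(bind).is_loopback
    except ValueError:
        return False

def audit(conf_text, default_anonymous=True):
    """Return (port, bind, anonymous_allowed, exposed) per `listener` line.

    default_anonymous is an assumption used when nothing is set explicitly;
    the broker's real default depends on its version.
    """
    lines = [l.split() for l in conf_text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    on = lambda p: len(p) > 1 and p[1] in ("true", "1")
    per_listener = any(p[0] == "per_listener_settings" and on(p) for p in lines)
    global_anon, listeners = default_anonymous, []
    for p in lines:
        if p[0] == "listener" and len(p) > 1:
            listeners.append([int(p[1]), p[2] if len(p) > 2 else None, None])
        elif p[0] == "allow_anonymous" and len(p) > 1:
            if not per_listener:
                global_anon = on(p)       # one value shared by every listener
            elif listeners:
                listeners[-1][2] = on(p)  # applies to the preceding listener only
    report = []
    for port, bind, anon in listeners:
        allowed = global_anon if anon is None else anon
        report.append((port, bind, allowed, allowed and not is_loopback(bind)))
    return report

if __name__ == "__main__":
    for name, conf in (("shared", SHARED), ("split", SPLIT)):
        for row in audit(conf):
            print(name, row)
```

The audit only models `listener` lines; a default listener configured through other options is not covered.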


