Re: [mosquitto-dev] RFC: add listener_allow_anonymous

Kurt Van Dijck <dev.kurt@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> 
> > Kurt Van Dijck <dev.kurt@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> > > > In order to have authenticated access to my MQTT box from outside,
> > > > I set allow_anonymous to 1. This does have the side effect that
> oops, sed s/1/0/
> > > > my local programs also need a 'dummy' username+password to authenticate.
> > > > This dummy username+password is then usable from outside also.
> > > > 
> > > > I addressed this by adding the patch below. It allows MQTT to be
> > > > configured to allow anonymous connections from localhost, and
> > > > authenticated connections from outside.
> > > 
> > > Today, I solved my issue differently by adding a
> > > 'listener_allow_anonymous' config option. This is easier to add
> > > and the backward compatibility is simpler.
> > > 
> > > Since I typically use a TLS-enabled port for outside access and
> > > a non-TLS port for local use, this fits my problem as well.
> > > 
> > > Is this a valuable thing to do? Is it right?
> > > How else should I address my problem?
> > 
> > Why not just a separate listener that only listens on localhost?
> 
> I think that before my patch, both listeners share the
> 'allow_anonymous' setting which makes the public listener
> accessible anonymously. The same applies to a dummy
> user+password.
> 
> So, I didn't understand how your suggestion alone helps me out.
> 
> With this 'listener_allow_anonymous', I can indeed make a
> listener allow anonymous localhost connections, and a public
> listener that enforces authentication.
> 

Ah, you're right. I'd used a username/password with the localhost
only listener.

Cheers,
Karl P
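
An audit check for the situation discussed in this thread, added here as an example (not code from the thread or from the mosquitto project): it lists listeners that are not bound to loopback yet accept anonymous clients. It assumes mosquitto's `per_listener_settings` option, which the thread does not mention, as the way `allow_anonymous` becomes listener-specific; the sample configs are constructed, `default_anonymous` is an assumed parameter, and the default listener (`port`/`bind_address`) is not handled.

```python
import ipaddress

# Constructed sample (not from the thread): one global allow_anonymous shared
# by a loopback listener and a public TLS listener, the situation described above.
SHARED = """allow_anonymous true
listener 1883 127.0.0.1
listener 8883
cafile /etc/mosquitto/ca.crt
"""
# Constructed sample: the same two listeners with per-listener settings.
SPLIT = """per_listener_settings true
listener 1883 127.0.0.1
allow_anonymous true
listener 8883
allow_anonymous false
password_file /etc/mosquitto/passwd
"""

def is_loopback(bind):
    """True only when the bind address is provably loopback."""
    if bind is None:  # no address given: listener binds all interfaces
        return False
    try:
        return bind == "localhost" or ipaddress.ip_address(bind).is_loopback
    except ValueError:  # other hostname: treat as exposed
        return False

def exposed_anonymous_listeners(conf, default_anonymous=True):
    """Return [(port, bind)] of non-loopback listeners that accept anonymous clients.
    default_anonymous is an assumption; the broker default differs by version."""
    per_listener, global_anon, listeners = False, default_anonymous, []
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0], parts[1]
        if key == "per_listener_settings":
            per_listener = value in ("true", "1")
        elif key == "listener":
            bind = parts[2] if len(parts) > 2 else None
            listeners.append({"port": int(value), "bind": bind, "anon": None})
        elif key == "allow_anonymous":
            if per_listener and listeners:
                listeners[-1]["anon"] = value in ("true", "1")
            else:  # shared by every listener, as described in the thread
                global_anon = value in ("true", "1")
    return [(l["port"], l["bind"]) for l in listeners
            if (global_anon if l["anon"] is None else l["anon"])
            and not is_loopback(l["bind"])]

if __name__ == "__main__":
    print(exposed_anonymous_listeners(SHARED))  # [(8883, None)]
    print(exposed_anonymous_listeners(SPLIT))   # []
```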
