Redis Authentication/ACL Plugin
make && make tests
File: etc/emq_auth_redis.conf
## Redis Server
auth.redis.server = 127.0.0.1:6379
## Redis Pool Size
auth.redis.pool = 8
## Redis Database
auth.redis.database = 0
## Redis Password
## auth.redis.password =
## Variables: %u = username, %c = clientid
## Authentication Query Command
## HMGET mqtt_user:%u password or HMGET mqtt_user:%u password salt
auth.redis.auth_cmd = HMGET mqtt_user:%u password
## Password hash: plain, md5, sha, sha256
auth.redis.password_hash = plain
## sha256 with salt prefix
## auth.redis.password_hash = salt sha256
## sha256 with salt suffix
## auth.redis.password_hash = sha256 salt
## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
## auth.redis.password_hash = pbkdf2 sha256 1000 20
## Superuser Query Command
auth.redis.super_cmd = HGET mqtt_user:%u is_superuser
## ACL Query Command
auth.redis.acl_cmd = HGETALL mqtt_acl:%u
## ACL nomatch
auth.redis.acl_nomatch = deny
HSET mqtt_user:<username> is_superuser 1
Set a 'user' hash with 'password' 'salt' field, for example:
HMSET mqtt_user:<username> password "passwd" salt "salt"
The plugin uses a redis hash to store ACL rules:
HSET mqtt_acl:<username> topic1 1
HSET mqtt_acl:<username> topic2 2
HSET mqtt_acl:<username> topic3 3
NOTE: 1: subscribe, 2: publish, 3: pubsub
NOTICE: Move to emq_backend_redis...
The plugin could store the static subscriptions into a redis Hash:
HSET mqtt_sub:<username> topic1 0
HSET mqtt_sub:<username> topic2 1
HSET mqtt_sub:<username> topic3 2
./bin/emqttd_ctl plugins load emq_auth_redis
Feng Lee [email protected]