Mqtt accepting any password

raheem12 · March 11, 2024, 5:02am

Dear Team,

while connecting to mqtt with username and password which is set in credentials.xml file.
Here in the below case, instead of taking the below password test123, it is accepting any password.

could you please help in this case.

Host: mqtt.com
option: wss://
Port: 8000
Path: /mqtt
username: tib
password: test123

Thanks & Regards,
Mohammed.Raheem

SShet · March 11, 2024, 9:01am

Hello @raheem12

Thank you for contacting us. Could you please confirm if the File RBAC extension is enabled on the broker? Could you please share your hivemq.log, File RBAC extension’s extension-config.xml and credentials.xml files with us?

Regards,
Sheetal from the HiveMQ Team

raheem12 · March 11, 2024, 9:26am

Dear Sheetal,

I haven’t enabled File RBAC extension in this case. As enabling File RBAC extension, and adding the credentials in credential.xml give me error as below

WARN - Configuration for file auth extension has errors:
- User ‘tib’ has invalid password
2024-03-11 05:46:58,346 WARN - Configuration for file auth extension has errors:
- User ‘tib’ has invalid password

Below is the credential.xml file

cat credentials.xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> tib test125 role1 admin-user Vddddddddddddddddddddddddddddddddddddddd superuser role1 data/${{clientid}}/# outgoing/${{clientid}} PUBLISH RETAINED incoming/${{username}}/actions SUBSCRIBE superuser #

raheem12 · March 12, 2024, 5:07am

Dear Team,

Could you please update.

Thanks & Regards,
Mohammed.Raheem

raheem12 · March 13, 2024, 6:37am

Dear Team,

I am waiting for update , on how mqtt should accept only specific password but rather it is accepting any password.

Could you please help

raheem12 · March 13, 2024, 7:27am

Dear Team,

I have already setup hivemq-ce, i am in last step, i need you assitance on password to be used only specificied in credentials.xml

SShet · March 13, 2024, 11:51am

Hello @raheem12

As you mentioned you are getting

error WARN - Configuration for file auth extension has errors:
User ‘tib’ has invalid password
2024-03-11 05:46:58,346 WARN - Configuration for file auth extension has errors:- User ‘tib’ has invalid password

Ideally User configuration should look like this, which is not in your case.

<user>
    <name>user1</name>
    <password>pass1</password>
    <roles>
        <id>role1</id>
    </roles>
</user>

Please check our example of the credentials.xml and create a hashed or plain password for your user. Please make sure you enable the RBAC extension and disable hivemq-allow-all-extension extension.

We hope this helps.

Regards,
Sheetal from HiveMQ Team

raheem12 · March 14, 2024, 10:05am

Dear Sheetal,

Thank you for sharing the valuable information.

can we have multiple users on mqtt , could you please let us know

Thanks & Regards,
Mohammed.Raheem

Daria_H · March 19, 2024, 3:47pm

Hi @raheem12

Certainly, you can have multiple users. Here’s an example demonstrating multiple users and roles defined: https://github.com/hivemq/hivemq-file-rbac-extension#user-content-credentials-config.

I hope this information proves helpful.

Best regards,
Dasha from HiveMQ Team

Topic		Replies	Views
Mqtt_server not connecting on port 8884 HiveMQ Cloud	1	1205	September 30, 2022
HIVEMQ conection with m5stack core2 HiveMQ Cloud	7	1138	May 1, 2023
MQTT ESP8266 MicroPython IDE HiveMQ Client Library	13	2319	March 21, 2022
HiveMQ with MQTTBox client HiveMQ Cloud	3	1070	January 24, 2023
MQTT username and password on ChirpStack MQTT	5	834	August 25, 2022

Mqtt accepting any password

Related Topics