Mqtt accepting any password

raheem12 · March 11, 2024, 5:02am

Dear Team,

while connecting to mqtt with username and password which is set in credentials.xml file.
Here in the below case, instead of taking the below password test123, it is accepting any password.

could you please help in this case.

Host: mqtt.com
option: wss://
Port: 8000
Path: /mqtt
username: tib
password: test123

Thanks & Regards,
Mohammed.Raheem

SShet · March 11, 2024, 9:01am

Hello @raheem12

Thank you for contacting us. Could you please confirm if the File RBAC extension is enabled on the broker? Could you please share your hivemq.log, File RBAC extension’s extension-config.xml and credentials.xml files with us?

Regards,
Sheetal from the HiveMQ Team

raheem12 · March 11, 2024, 9:26am

Dear Sheetal,

I haven’t enabled File RBAC extension in this case. As enabling File RBAC extension, and adding the credentials in credential.xml give me error as below

WARN - Configuration for file auth extension has errors:
- User ‘tib’ has invalid password
2024-03-11 05:46:58,346 WARN - Configuration for file auth extension has errors:
- User ‘tib’ has invalid password

Below is the credential.xml file

cat credentials.xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> tib test125 role1 admin-user Vddddddddddddddddddddddddddddddddddddddd superuser role1 data/${{clientid}}/# outgoing/${{clientid}} PUBLISH RETAINED incoming/${{username}}/actions SUBSCRIBE superuser #

raheem12 · March 12, 2024, 5:07am

Dear Team,

Could you please update.

Thanks & Regards,
Mohammed.Raheem

raheem12 · March 13, 2024, 6:37am

Dear Team,

I am waiting for update , on how mqtt should accept only specific password but rather it is accepting any password.

Could you please help

raheem12 · March 13, 2024, 7:27am

Dear Team,

I have already setup hivemq-ce, i am in last step, i need you assitance on password to be used only specificied in credentials.xml

SShet · March 13, 2024, 11:51am

Hello @raheem12

As you mentioned you are getting

error WARN - Configuration for file auth extension has errors:
User ‘tib’ has invalid password
2024-03-11 05:46:58,346 WARN - Configuration for file auth extension has errors:- User ‘tib’ has invalid password

Ideally User configuration should look like this, which is not in your case.

<user>
    <name>user1</name>
    <password>pass1</password>
    <roles>
        <id>role1</id>
    </roles>
</user>

Please check our example of the credentials.xml and create a hashed or plain password for your user. Please make sure you enable the RBAC extension and disable hivemq-allow-all-extension extension.

We hope this helps.

Regards,
Sheetal from HiveMQ Team

raheem12 · March 14, 2024, 10:05am

Dear Sheetal,

Thank you for sharing the valuable information.

can we have multiple users on mqtt , could you please let us know

Thanks & Regards,
Mohammed.Raheem

Daria_H · March 19, 2024, 3:47pm

Hi @raheem12

Certainly, you can have multiple users. Here’s an example demonstrating multiple users and roles defined: https://github.com/hivemq/hivemq-file-rbac-extension#user-content-credentials-config.

I hope this information proves helpful.

Best regards,
Dasha from HiveMQ Team

Topic		Replies	Views
Hivemq Username and Password Authentication HiveMQ Community Edition	0	1686	October 13, 2022
How to create user and password for hivemq community edition?	3	141	June 14, 2024
Getting Started	1	341	September 30, 2022
Is there no natively supported authentication available on HiveMQ CE? HiveMQ Community Edition	4	1300	January 23, 2023
File RBAC Extension connection not authorized error HiveMQ Community Edition	3	656	January 23, 2023

Mqtt accepting any password

Related topics