Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mosquitto-dev] Password Authentication of clients in Broker

If you are looking for the default behaviour in 2.0.18;

I think the mosquitto_unpwd_check_default function in security_default.c is the one.

If WITH_TLS is defined, it eventually calls a pw__digest function that does either sha512 or PBKDF2 depending on hash_type.

On Mon, May 27, 2024 at 8:45 AM Elona Homes via mosquitto-dev <mosquitto-dev@xxxxxxxxxxx> wrote:

Broker: eclipse-mosquitto
Version: 2.0.18
security: ACL

Hello everyone,

Can someone help me point out the code implementation in eclipse-mosquitto where it compare the plain text password of client with the hash value stored in passwordfile to authenticate the client.

I have been tracing the code. I have observed that the broker recieves the password in plain text form. But the password in brokers ACL( passwordfile ) will be stored in Hashed form. So I've been running into dead ends when I search for the code/function where it compares the passwords.

Any suggestions or answers are much appreciated.

Thank You.

_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev

Back to the top