| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125 |
- ##--------------------------------------------------------------------
- ## PostgreSQL Auth/ACL Plugin
- ##--------------------------------------------------------------------
- ## PostgreSQL server address.
- ##
- ## Value: Port | IP:Port
- ##
- ## Examples: 5432, 127.0.0.1:5432, localhost:5432
- auth.pgsql.server = 127.0.0.1:5432
- ## PostgreSQL pool size.
- ##
- ## Value: Number
- auth.pgsql.pool = 8
- ## PostgreSQL username.
- ##
- ## Value: String
- auth.pgsql.username = root
- ## PostgreSQL password.
- ##
- ## Value: String
- # auth.pgsql.password =
- ## PostgreSQL database.
- ##
- ## Value: String
- auth.pgsql.database = mqtt
- ## PostgreSQL database encoding.
- ##
- ## Value: String
- auth.pgsql.encoding = utf8
- ## Whether to enable SSL connection.
- ##
- ## Value: on | off
- auth.pgsql.ssl = off
- ## TLS version
- ## You can configure multi-version use "," split,
- ## default value is :tlsv1.2
- ## Example:
- ## tlsv1.1,tlsv1.2,tlsv1.3
- ##
- ## auth.pgsql.ssl_opts.tls_versions = tlsv1.2
- ## TLS version
- ## You can configure multi-version use "," split,
- ## default value is :tlsv1.2
- ## Example:
- ## tlsv1.1,tlsv1.2,tlsv1.3
- ##
- ## auth.pgsql.ssl.tls_versions = tlsv1.2
- ## SSL keyfile.
- ##
- ## Value: File
- ## auth.pgsql.ssl.keyfile =
- ## SSL certfile.
- ##
- ## Value: File
- ## auth.pgsql.ssl.certfile =
- ## SSL cacertfile.
- ##
- ## Value: File
- ## auth.pgsql.ssl.cacertfile =
- ## Authentication query.
- ##
- ## Value: SQL
- ##
- ## Variables:
- ## - %u: username
- ## - %c: clientid
- ## - %C: common name of client TLS cert
- ## - %d: subject of client TLS cert
- ##
- auth.pgsql.auth_query = select password from mqtt_user where username = '%u' limit 1
- ## Password hash.
- ##
- ## Value: plain | md5 | sha | sha256 | bcrypt
- auth.pgsql.password_hash = sha256
- ## sha256 with salt prefix
- ## auth.pgsql.password_hash = salt,sha256
- ## sha256 with salt suffix
- ## auth.pgsql.password_hash = sha256,salt
- ## bcrypt with salt prefix
- ## auth.pgsql.password_hash = salt,bcrypt
- ## pbkdf2 with macfun iterations dklen
- ## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
- ## auth.pgsql.password_hash = pbkdf2,sha256,1000,20
- ## Superuser query.
- ##
- ## Value: SQL
- ##
- ## Variables:
- ## - %u: username
- ## - %c: clientid
- ## - %C: common name of client TLS cert
- ## - %d: subject of client TLS cert
- ##
- auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
- ## ACL query. Comment this query, the ACL will be disabled.
- ##
- ## Value: SQL
- ##
- ## Variables:
- ## - %a: ipaddress
- ## - %u: username
- ## - %c: clientid
- ##
- ## Note: You can add the 'ORDER BY' statement to control the rules match order
- auth.pgsql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
|
