Can't authenticate on mysql #44
Comments
Did you solve #42 ? Show me your configuration, and a |
Hi JP , Please find bellow all info requested: A. Query used in mosquitto.conf: B. Mysql table name users data: id = 1 C. php procedure used to generate the password : D. mosquitto daemon log 1416854800: New connection from 93.50.87.166 on port 1883. Thank you in advance. |
I'm assuming your PHP FWIW, the characters " |
Thank you for your help and your prompt reply. PS: I have used the string "SALT" for salt only for test. |
I honestly don't know, but you'll have to look around a bit for something that works. It's probably just your salt which is wrong, but I can't help you there. |
@jpmens it seams that this plugin (and the ./np program) use a different way to generate the hashes. I've tried 3 different solutions for generating the Sha256 hashes (because it is by default not supported in C#) all three created by differant people. They generate the same hash given the same input variables. I tried generating an hash with the ./np program and then generate a hash with all the parameters copied. All three solutions give me the same hash. but these are different from the one generated with the ./np program. I also tried the default C# PBKDF2 function, but that only supports Sha1 (Which also doesn't work when put into the database) Then I found this issue, that makes me wonder if it is not the php/c# implementation that is wrong but maybe their might be some issue with the way this plugin generates the hashes. Can you point me in the right direction? As I made the following assumptions:
|
I cannot comment on the PHP or any of the other contributed functions. We've been using
|
Based on the code I figured out what happens.
The implementation ./np uses:
If you to this on both sides of the comparison (when creating the hash and when validating) their won't be a problem. So in an installation where you created the hashes with ./np and validate them with this plugin, everything is ok. I recreated these steps in C# and i can now create the accepted hashes in C#. |
Glad you got it to work. :) |
Thank you all for contribution on this issue. |
Hi, sorry for bumping an old issue but I was wondering why the plugin uses a non standard way of handling PBKDF2 passwords, I have a database that is handled with another application that already has users with PBKDF2 passwords but I'm unable to use them with this plugin. |
For anyone who needs to implement this in PHP - here is a small snippet: #!/usr/local/bin/php
<?php
function mqtt_hash($password, $salt = '', $algo = 'sha256', $iterations = 901, $key_len = 24, $salt_len = 12)
{
if($salt=='') $salt = base64_encode(openssl_random_pseudo_bytes($salt_len));
$key = base64_encode(openssl_pbkdf2($password, $salt, $key_len, $iterations, $algo));
return sprintf("PBKDF2$%s$%d$%s$%s\n",
$algo,
$iterations,
$salt,
$key);
}
$password = trim($argv[1]);
if(function_exists('readline'))
{
while($password=='')
{
$password = trim(readline('Enter password: '));
}
}
else
{
$handle = fopen ("php://stdin","r");
while($password=='')
{
echo 'Enter password: ';
$password = trim(fgets($handle));
echo chr(10);
}
fclose($handle);
}
echo 'PBKDF2 password generator for Mosquitto auth plugin [https://github.com/jpmens/mosquitto-auth-plug]',chr(10);
echo 'Encoding password = ',$password,chr(10);
echo mqtt_hash($password),chr(10);
?> |
I have created a user : 123456789 and a hash for password "testpassword" : PBKDF2$sha256$901$SALT$dc59c53d92f078d49b34
When i try to connect using : mosquitto_pub -h myIP -t '/base' -m 'test_topic' -u 123456789 -P testpassword I get an error :
Connection Refused: bad user name or password.
Error: The connection was refused.
The log of mosquitto daemon says :
1416769178: |-- mosquitto_auth_unpwd_check(123456789)
1416769178: |-- ** checking backend mysql
1416769178: |-- getuser(123456789) AUTHENTICATED=0 by none
Do you have any idea about my issue ?
The text was updated successfully, but these errors were encountered: