Latch plugin for Mosquitto
Python
Latest commit 2de66c9 Dec 18, 2016 @oribit committed on GitHub Update README.md
latch_sdk Fixing installation issues Dec 11, 2016
manual Updating manuals Dec 18, 2016
tools Minos bugs fixed Dec 12, 2016
.gitignore INITIAL COMMIT Dec 11, 2016
LICENSE Initial commit Oct 23, 2016
README.md Update README.md Dec 18, 2016
__init__.py INITIAL COMMIT Dec 11, 2016
latch.conf.example INITIAL COMMIT Dec 11, 2016
mosquitto_latch.py INITIAL COMMIT Dec 11, 2016
mosquitto_latch_bag.py INITIAL COMMIT Dec 11, 2016

README.md

Latch Plugin for Mosquitto

Latch Plugin for Mosquitto makes it easy to add second-factor authentication to an IoT ecosystem. The integration is done in the platform (the MQTT broker) instead of in the devices, which frees resources on the devices and maximizes compatibility and scalability.

It is developed in Python on top of the Mosquitto auth-plugin interface, so standard ACLs are supported, as well as user/password authentication with Latch as 2FA.

You can download the full documentation of this plugin from:

Latch plugin manual (English)

Latch plugin manual (Spanish)

Installation

Pre-installation steps:

Before starting the installation of the plugin, you first need to create the application in the Latch portal (https://latch.elevenpaths.com). The application can be created with any name, and must have "2-Factor OTP" and "Lock latches after request" disabled. Once the application is created, write down the values of Application ID and Secret; they will be used later in the plugin configuration.

Once that is done, verify that the system where the MQTT broker is installed has the software required by the Latch plugin. The following packages are mandatory:

sudo apt-get install python-pip python-dev mosquitto-dev libmosquitto-dev

A Python library, paho-mqtt, is also needed. It can be installed with:

pip install paho-mqtt

The Latch plugin also needs a Mosquitto plugin that allows security plugins to be developed in Python. It can be installed from https://github.com/oribit/mosquitto_pyauth by following the instructions described on that page.

Installation

With all prerequisites satisfied, the Latch plugin can be downloaded from https://github.com/oribit/latch-plugin. Download this repository to the path you want to use for the plugin.

Once the plugin is downloaded, run python ./tools/install.py from the directory where it was downloaded. The script verifies and installs the plugin in the system. It will request the values of Application ID and Secret mentioned above, and they will be stored in the file latch.conf.

The installation script validates the prerequisites and then copies the plugin files to the specified directory.

Configuration files and tool scripts are copied to the directory /etc/mosquitto/plugin/latch. The installation will probably need root permissions (sudo) when it is launched, because the Mosquitto configuration file is usually owned by root.

When the installation is finished, you need to create a user to start using Latch. This can be done with the script python ./tools/users_op.py. After the user is created, the "pairing" can be done.

Execution

The plugin runs automatically together with the MQTT broker. The installation script adds the following lines to the Mosquitto configuration file:

auth_plugin /usr/lib/mosquitto/auth_plugin_pyauth.so

auth_opt_pyauth_module mosquitto_latch

auth_opt_latch_conf latch.conf
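
A post-install check for the three lines above, as an added example that is not part of the plugin or its README. The function names are hypothetical, and the rule that latch.conf (which stores the Application ID and Secret) must not be accessible to "other" users is a hardening assumption of this example.

```python
import os
import stat
import tempfile

# Directives the README says tools/install.py adds to the Mosquitto config.
EXPECTED = {
    "auth_plugin": "/usr/lib/mosquitto/auth_plugin_pyauth.so",
    "auth_opt_pyauth_module": "mosquitto_latch",
    "auth_opt_latch_conf": "latch.conf",
}

# Constructed sample: a mosquitto.conf that lacks the auth_opt_latch_conf line.
SAMPLE_CONF = """\
auth_plugin /usr/lib/mosquitto/auth_plugin_pyauth.so
auth_opt_pyauth_module mosquitto_latch
"""

def parse_directives(conf_text):
    """Map each directive name to the list of values it is given."""
    found = {}
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        found.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return found

def audit(conf_text, latch_conf_path):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    found = parse_directives(conf_text)
    for key, expected in EXPECTED.items():
        if key not in found:
            findings.append("missing directive: " + key)
        elif expected not in found[key]:
            findings.append("unexpected value for " + key)
    # latch.conf holds the Application ID and Secret. Flagging any access for
    # "other" users is an assumption of this example, not a rule from the README.
    try:
        mode = stat.S_IMODE(os.stat(latch_conf_path).st_mode)
    except OSError:
        return findings + ["cannot stat " + latch_conf_path]
    if mode & stat.S_IRWXO:
        findings.append("latch.conf accessible to other users (mode %o)" % mode)
    return findings

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile() as fh:  # stands in for latch.conf
        print(audit(SAMPLE_CONF, fh.name))
```

On a real broker, pass the contents of the Mosquitto configuration file and the path of latch.conf under /etc/mosquitto/plugin/latch.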

All messages generated by the plugin are redirected to the standard output configured in the broker, so if the output is configured to go to syslog or a file, plugin messages are written to the same place.

In addition to the standard redirection, the plugin publishes any lock applied by Latch to the reserved topic LATCH/status, whether at global level, operation (publish/subscribe) level or topic level. Any agent can subscribe to this topic.