Latch Plugin for Mosquitto
Latch Plugin for Mosquitto is an easy way to add second-factor authentication to an IoT ecosystem. The integration is done in the platform (the MQTT broker) instead of in the devices, which frees resources on the devices and maximizes compatibility and scalability.
It is developed in Python on top of the Mosquitto auth-plugin interface, so it supports standard ACLs as well as user/password authentication with Latch as 2FA.
You can download the full documentation of this plugin from:
Before installing the plugin, you first need to create the application in the Latch portal (https://latch.elevenpaths.com). The application can have any name, and must have "2-Factor OTP" and "Lock latches after request" disabled. Once the application is created, write down the Application ID and Secret values; they will be used later in the plugin configuration.
Next, verify that the system where the MQTT broker is installed has the software required by the Latch plugin. The following libraries are mandatory:
sudo apt-get install python-pip python-dev mosquitto-dev libmosquitto-dev
A Python library, paho-mqtt, is also needed. It can be installed with:
pip install paho-mqtt
The Latch plugin also needs mosquitto_pyauth, a Mosquitto plugin that allows security plugins to be developed in Python. It can be installed from https://github.com/oribit/mosquitto_pyauth by following the instructions on that page.
With all prerequisites satisfied, the Latch plugin can be downloaded from https://github.com/oribit/latch-plugin. Download the repository to the path you want to use for the plugin.
Once the plugin is downloaded, run the following from the directory where it was downloaded:
python ./tools/install.py
This script verifies and installs the plugin on the system. It will request the Application ID and Secret values mentioned above and store them in the file latch.conf.
The installation script validates the prerequisites and then copies the plugin files to the specified directory.
Configuration files and tool scripts are copied to the directory /etc/mosquitto/plugin/latch. The installation will probably need root permissions (sudo), because the Mosquitto configuration file is usually owned by root.
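An added check, not part of the plugin or its install script: because latch.conf holds the application Secret, this Python example reports permissions that would let other local users read or replace the file. The full path /etc/mosquitto/plugin/latch/latch.conf and the sample file contents are assumptions; the page gives only the file name and the install directory.

```python
import os
import stat
import tempfile

# Assumed full path: the page names the file (latch.conf) and the install
# directory separately, not the combined location.
DEFAULT_CONF = "/etc/mosquitto/plugin/latch/latch.conf"


def audit_secret_file(path):
    """Return a list of permission findings for a file holding the Secret."""
    try:
        st = os.lstat(path)
    except OSError as exc:
        return ["cannot stat: %s" % exc.strerror]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink or other type)"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable (mode %04o)" % mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others (mode %04o)" % mode)
    # A world-writable parent without the sticky bit lets any user swap the file.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is world-writable")
    return findings


def demo():
    """Audit a constructed latch.conf (placeholder values, format assumed)."""
    workdir = tempfile.mkdtemp()  # created with mode 0700
    conf = os.path.join(workdir, "latch.conf")
    with open(conf, "w") as fh:
        fh.write("app_id = PLACEHOLDER_APP_ID\nsecret = PLACEHOLDER_SECRET\n")
    os.chmod(conf, 0o644)  # readable by every local user
    loose = audit_secret_file(conf)
    os.chmod(conf, 0o640)  # owner and broker group only
    tight = audit_secret_file(conf)
    return loose, tight


if __name__ == "__main__":
    for finding in audit_secret_file(DEFAULT_CONF):
        print("%s: %s" % (DEFAULT_CONF, finding))
```

An empty result means none of the three conditions was found; the file still has to stay readable by the account the broker runs as.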
When the installation is finished, you need to create a user to start using Latch. This can be done with the script:
python ./tools/users_op.py
After the user is created, the "pairing" can be done.
The plugin runs automatically together with the MQTT broker. The installation script adds the following line to the Mosquitto configuration file:
All messages generated by the plugin are sent to the broker's configured standard output, so if the broker output is configured to go to syslog or a file, plugin messages are written to the same place.
In addition to the standard redirection, the plugin publishes any lock applied by Latch to the reserved topic LATCH/status, whether at global level, operation level (publish/subscribe) or topic level. Any agent can subscribe to this topic.