Skip to main content
Version: Mosquitto 2.8

Force Username as Client ID plugin

When utilizing this plugin, it mandates that every client's username will automatically be set to match its client id before proceeding with any basic username/password authentication. This feature is particularly beneficial for devices or applications that bypass the use of usernames for authentication purposes, akin to the now obsolete IBM Watson IoT platform. It enables such devices or applications to integrate with Mosquitto and utilize usernames for both authentication and authorization, for instance, when leveraging the dynamic security plugin.

Moreover, there are additional Mosquitto options that can alter a client's username based on the information contained within a client's TLS certificate. These options include use_identity_as_username and use_subject_as_username, which should be used in tandem with require_certificate. Should either of these options be enabled alongside the Force Username plugin, the ultimate username assigned to the client will be the one specified by the Force Username plugin.

Plugin configuration

To configure the plugin, add it to your Mosquitto configuration file before other authentication plugins. For example:

listener 8883
certfile <server.pem>
keyfile <server.key>

plugin /usr/lib/cedalo_force_username.so

plugin /usr/lib/mosquitto_dynamic_security.so
plugin_opt_config_file /mosquitto/data/dynamic-security.json

There is no further configuration required.