Client Accounts
This section describes how to create client accounts in order to connect clients to the broker. A client account defines the connection details of a client (name, password, client id) and sets the rights a client has, when connected using the client account (roles, groups). A client account can be used for multiple clients as long as no fixed client id has been set.
Clients are part of the dynamic security of Mosquitto. See here for a detailed description of the concepts of the dynamic security feature. Clients not listed in the client overview table will automatically get the default ACL assigned.
The dynamic security feature is available since version 2.0 of Eclipse Mosquitto. If you are still using version 1.6, see this guide on how to migrate.
Clients Overview
The client overview lists all clients showing their name, id, text name and description. In addition, you can view and assign the group(s) the client belongs to and view and assign the role(s) of the client.
Following a sample client table listing some sample clients:
Below the table you can select how many clients are displayed on one page of the table. Clicking on the arrow button will show the next or previous set of clients, if there are more clients defined than visible on one page.
Set client roles and groups
You are able to add roles and groups to a client. In the client table you are able to set one or multiple roles or groups to a client. Open the dropdown box and select from the list.
A client will only be actually usable, if some kind of role is connected to the client. This could be directly or indirectly over a group which is connected to a role. The set ACLs in a role determine the rights of a client.
Connect, disconnect or delete a client
You can delete a client from the list by clicking on the "Trash bin" icon and confirming this action. It is not always needed to delete a client. If you want to temporarily disconnect a client, go to the client overview table and click the switch icon on the right side to connect or disconnect a client.
Create clients
To create a client, click on the "New Client" Button on the top right. After that the following page opens:
The following properties can be set for a new client:
- Name: The name of the client, i.e., the name that is used for login.
- Password: The password for the client, i.e., the password that is used for login.
- Id: The client id. If set, the client account needs to use that exact id for the connection. Leave empty to allow any client id for the connection. Note: Client ids have to be unique. A client connecting using the same client id as an already connected client, will force the broker to disconnect the connected client.
- Text Name: An textual name for the client, e.g., to specify the email address if the client is a person.
- Text Description: An description for the client.
Username and password are required for creating a client. The client id, text name and the text description are optional.
After filling out the form fields, press the save button to create the new client. You then will be redirected to the client overview page and the new client should be listed there:
By default, the set settings of your client are protected. You can only edit details, when you first click on the "edit" icon on the bottom and finish the edit with a "save". Delete a client by clicking the "trash" icon in the client overview table.
Edit clients
To edit client properties, click on the client row and the following page opens. Click on the "Edit" button to change the properties, which are explained above.
Configuring default access
The initial configuration sets the default ACL type behaviors to:
publishClientSend
: denypublishClientReceive
: allowsubscribe
: denyunsubscribe
: allow
You can edit the default settings by clicking on the "Edit Default ACL Access" icon on the Roles page.