How can I use different authentication methods for different MQTT endpoints? [Mosquitto]

Question

I have a Mosquitto MQTT Broker, configured for Websockets on one port, and mqtt over another.

I have a custom authentication plugin, and it works well. What I want, however, is that only clients connecting over websockets use my plugin, and clients connecting over mqtt protocol use the default TLS authentication.

I am hoping there is some simple setting I have overlooked that I can add to the configuration file, but any/all solutions are welcome. Many thanks.

Answer 1

From the mosquitto.conf man page

per_listener_settings [ true | false ]

If true, then authentication and access control settings will be controlled on a per-listener basis. The following options are affected:

password_file, acl_file, psk_file, allow_anonymous, allow_zero_length_clientid, auth_plugin, auth_opt_*, auto_id_prefix.

Note that if set to true, then a durable client (i.e. with clean session set to false) that has disconnected will use the ACL settings defined for the listener that it was most recently connected to.

The default behaviour is for this to be set to false, which maintains the settings behaviour from previous versions of mosquitto.

Reloaded on reload signal.

If you set this to true then you can include listerner specific settings under each listener entry in the config file and they will each have their own acl/user settings.