Improve documentation of use_identity_as_username.
Closes #1134. Thanks to Adrian P.
This commit is contained in:
parent
c40957a7d8
commit
9df6da16ec
@ -64,15 +64,17 @@
|
|||||||
certificate in order to connect successfully. In this case, the
|
certificate in order to connect successfully. In this case, the
|
||||||
second and third options, use_identity_as_username and
|
second and third options, use_identity_as_username and
|
||||||
use_subject_as_username, become relevant. If set to true,
|
use_subject_as_username, become relevant. If set to true,
|
||||||
use_identity_as_user causes the Common Name (CN) from the client
|
use_identity_as_username causes the Common Name (CN) from the
|
||||||
certificate to be used instead of the MQTT username for access
|
client certificate to be used instead of the MQTT username for
|
||||||
control purposes. The password is not replaced because it is
|
access control purposes. The password is not used because it is
|
||||||
assumed that only authenticated clients have valid certificates. If
|
assumed that only authenticated clients have valid certificates.
|
||||||
use_identity_as_username is false, the client must authenticate as
|
This means that any CA certificates you include in cafile or capath
|
||||||
normal (if required by password_file) through the MQTT options. The
|
will be able to issue client certificates that are valid for
|
||||||
same principle applies for the use_subject_as_username option, but
|
connecting to your broker. If use_identity_as_username is false,
|
||||||
the entire certificate subject is used as the username instead of
|
the client must authenticate as normal (if required by
|
||||||
just the CN.</para>
|
password_file) through the MQTT options. The same principle applies
|
||||||
|
for the use_subject_as_username option, but the entire certificate
|
||||||
|
subject is used as the username instead of just the CN.</para>
|
||||||
<para>When using pre-shared-key based encryption through the psk_hint
|
<para>When using pre-shared-key based encryption through the psk_hint
|
||||||
and psk_file options, the client must provide a valid identity and
|
and psk_file options, the client must provide a valid identity and
|
||||||
key in order to connect to the broker before any MQTT communication
|
key in order to connect to the broker before any MQTT communication
|
||||||
|
Loading…
Reference in New Issue
Block a user