I am using the mosquitto-go-auth plugin for authentication in mosquitto broker.
I have set up the plugin by following these links:
https://github.com/iegomez/mosquitto-go-auth
https://www.chirpstack.io/project/guides/mqtt-authentication/#build-for-mosquitto-14x
This is my mosquitto.conf:
per_listener_settings false
listener 1883
protocol mqtt
auth_plugin /home/user/mosquitto-go-auth/go-auth.so
allow_anonymous false
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
When I restart my broker I get this in my log file.
1731240636: ├── TLS-PSK checking enabled.
1731240636: └── Extended authentication not enabled.
1731240636: mosquitto version 2.0.15 starting
1731240636: Config loaded from /etc/mosquitto/mosquitto.conf.
1731240636: Loading plugin: /home/user/mosquitto-go-auth/go-auth.so
1731240636: ├── Username/password checking enabled.
1731240636: ├── TLS-PSK checking enabled.
1731240636: └── Extended authentication not enabled.
1731240637: mosquitto version 2.0.15 starting
1731240637: Config loaded from /etc/mosquitto/mosquitto.conf.
1731240637: Loading plugin: /home/user/mosquitto-go-auth/go-auth.so
1731240637: ├── Username/password checking enabled.
1731240637: ├── TLS-PSK checking enabled.
1731240637: └── Extended authentication not enabled.
1731240637: mosquitto version 2.0.15 starting
1731240637: Config loaded from /etc/mosquitto/mosquitto.conf.
1731240637: Loading plugin: /home/user/mosquitto-go-auth/go-auth.so
1731240637: ├── Username/password checking enabled.
1731240637: ├── TLS-PSK checking enabled.
1731240637: └── Extended authentication not enabled.
If I remove the plugin then the broker works fine, but if I add the authentication plugin it fails.
I have updated my mosquitto.conf file:
allow_anonymous false
per_listener_settings false
listener 1883
protocol mqtt
auth_plugin /home/user/mosquitto-go-auth/go-auth.so
auth_opt_backends postgres
auth_opt_pg_host 172.25.34.117
auth_opt_pg_port 5432
auth_opt_pg_dbname go_auth
auth_opt_pg_user postgres
auth_opt_pg_password postgres
auth_opt_pg_userquery SELECT password FROM users WHERE name = ? LIMIT 1
auth_opt_hasher bcrypt
auth_opt_hasher_cost 10
auth_opt_cache true
auth_opt_cache_reset true
#auth_opt_auth_cache_seconds 30
#auth_opt_acl_cache_seconds 90
#auth_opt_auth_jitter_second 3
#auth_opt_acl_jitter_seconds 5
#auth_opt_http_host auth.backend.com
#auth_opt_http_port 80
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
But in the log I am getting the same encryption not enabled message, but this time the broker is running without any issues. But when I check the Mosquitto status I am getting the Postgres error, even when all the config settings are entered correctly.
user@DESKTOP-J9NGCNR:/etc/mosquitto$ sudo systemctl status mosquitto
● mosquitto.service - Mosquitto MQTT v3.1/v5 server
Loaded: loaded (/etc/systemd/system/mosquitto.service; enabled; preset: enabled)
Active: active (running) since Mon 2024-11-11 04:58:51 UTC; 1s ago
Docs: http://mosquitto.org/documentation/
Main PID: 10909 (mosquitto)
Tasks: 7 (limit: 9337)
Memory: 13.8M ()
CGroup: /system.slice/mosquitto.service
└─10909 /usr/local/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
Nov 11 04:58:51 DESKTOP-J9NGCNR systemd[1]: Started mosquitto.service - Mosquitto MQTT v3.1/v5 server.
Nov 11 04:58:51 DESKTOP-J9NGCNR Mosquitto[10909]: time="2024-11-11T04:58:51Z" level=error msg="ping database postgres error, will re
The go-auth plugin needs configuring, not just loading.
In the mosquitto.conf file you need to pick one of the many backends the go-auth plugin can use and include a set of options that start with auth_pluing_opt_
E.g. to configure the http auth backend, something like this:
per_listener_settings false
allow_anonymous false
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
listener 1883
protocol mqtt
auth_plugin /home/user/mosquitto-go-auth/go-auth.so
auth_opt_backends http
auth_opt_hasher bcrypt
auth_opt_cache true
auth_opt_auth_cache_seconds 30
auth_opt_acl_cache_seconds 90
auth_opt_auth_jitter_seconds 3
auth_opt_acl_jitter_seconds 5
auth_opt_http_host auth.backend.com
auth_opt_http_port 80
auth_opt_http_getuser_uri /api/comms/auth/client
auth_opt_http_aclcheck_uri /api/comms/auth/acl
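
A pre-flight check for the two failures in this thread, added here as an example (it is not part of the answer or of the plugin's own code): it flags a plugin loaded with no backend configured, lists backend options that are absent, and tests TCP reachability of the configured Postgres endpoint from the broker host. The `EXPECTED` table is an assumption built from the options the configs on this page set, not the plugin's authoritative option list; the function names and the `BARE`/`PG` samples are constructed for illustration.

```python
import socket

# Options each backend block on this page sets (assumption taken from the
# page's configs, not the plugin's authoritative list of required options).
EXPECTED = {
    "postgres": ["pg_host", "pg_port", "pg_dbname", "pg_user", "pg_password", "pg_userquery"],
    "http": ["http_host", "http_port", "http_getuser_uri", "http_aclcheck_uri"],
}

def parse_conf(text):
    """Return (plugin_path, {option: value}) with the auth_opt_ prefix stripped."""
    plugin, opts = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # commented-out options do not count
            continue
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key == "auth_plugin":
            plugin = value
        elif key.startswith("auth_opt_"):
            opts[key[len("auth_opt_"):]] = value
    return plugin, opts

def lint(text):
    """List the configuration gaps discussed in this thread."""
    plugin, opts = parse_conf(text)
    if plugin is None:
        return ["no auth_plugin line"]
    if "backends" not in opts:
        return ["auth_plugin loaded but auth_opt_backends is not set"]
    findings = []
    for backend in (b.strip() for b in opts["backends"].split(",")):
        for name in EXPECTED.get(backend, []):
            if name not in opts:
                findings.append(f"{backend}: auth_opt_{name} missing")
    return findings

def pg_reachable(opts, timeout=3.0):
    """TCP-connect to pg_host:pg_port; call only after lint() reports both as set."""
    try:
        with socket.create_connection((opts["pg_host"], int(opts["pg_port"])), timeout):
            return True
    except OSError:
        return False

# Constructed samples modelled on the question's first and second configs.
BARE = "listener 1883\nauth_plugin /home/user/mosquitto-go-auth/go-auth.so\nallow_anonymous false\n"
PG = BARE + "auth_opt_backends postgres\nauth_opt_pg_host 172.25.34.117\nauth_opt_pg_port 5432\n#auth_opt_pg_user x\n"

if __name__ == "__main__":
    print(lint(BARE), lint(PG), sep="\n")
```

A `False` from `pg_reachable` only shows that the database port cannot be reached from the broker host; a `True` does not confirm that the credentials or the user query are accepted.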