# Mnesia Authentication

Mnesia authentication uses the built-in Mnesia database of EMQ X to store client Client ID/Username and password, and supports management of authentication data through HTTP API.

Mnesia authentication does not depend on external data sources, and it is simple and lightweight to use.

Plugin:

emqx_auth_mnesia
1

# Authentication rules

# Hash method

Mnesia authentication uses sha256 for password hash encryption by default, which can be changed in etc/plugins/emqx_auth_mnesia.conf:

# etc/plugins/emqx_auth_mnesia.conf

## Value: plain | md5 | sha | sha256
auth.mnesia.password_hash = sha256
1
2
3
4

After configuring [Hash Method](./auth.md#Password salting rules and hash methods), the newly added preset authentication data and authentication data added through the HTTP API will be stored in the EMQ X built-in database in the format of hash ciphertext.

# Preset authentication data

You can preset authentication data through the configuration file and edit the configuration file: etc/plugins/emqx_auth_mnesia.conf

# etc/plugins/emqx_auth_mnesia.conf

## The first group of authentication data
auth.client.1.clientid = admin
auth.client.1.password = public

## The second group of authentication data
auth.user.2.username = admin
auth.user.2.password = public
1
2
3
4
5
6
7
8
9

When the plugin starts, it will read the preset authentication data and load it into the EMQ X built-in database, and the authentication data on the node will be synchronized to the cluster at this stage.

WARNING

The preset authentication data uses a clear text password in the configuration file. For security and maintainability, this function should be avoided.

The preset authentication data cannot be modified or deleted through the API, please use it with caution.

# Use the HTTP API to manage authentication data

# Add authentication data

  • Clientid

    # Request
    POST api/v4/auth_clientid
    {
        "clientid": "emqx_c",
        "password": "emqx_p"
    }
    # Response
    {
        "code": 0
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
  • Username

    # Request
    POST api/v4/auth_username
    {
        "username": "emqx_u",
        "password": "emqx_p"
    }
    
    # Response
    {
        "code": 0
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11

# Add authentication data in batch

  • Clientid

    # Request
    POST api/v4/auth_clientid
    [
        {
            "clientid": "emqx_c_1",
            "password": "emqx_p"
        },
        {
            "clientid": "emqx_c_2",
            "password": "emqx_p"
        }
    ]
    
    # Response
    {
        "data": {
            "emqx_c_2": "ok",
            "emqx_c_1": "ok"
        },
        "code": 0
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
  • Username

    # Request
    POST api/v4/auth_username
    [
        {
            "username": "emqx_u_1",
            "password": "emqx_p"
        },
        {
            "username": "emqx_u_2",
            "password": "emqx_p"
        }
    ]
    
    # Response
    {
        "data": {
            "emqx_c_2": "ok",
            "emqx_c_1": "ok"
        },
        "code": 0
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21

# Check the added authentication data

  • Clientid

    # Request
    GET api/v4/auth_clientid
    
    # Response
    {
      "meta": {
        "page": 1,
        "limit": 10,
        "count": 1
      },
      "data": [
                  "clinetid": "emqx_c",
                  "clinetid": "emqx_c_1",
                  "clinetid": "emqx_c_2"
              ],
      "code": 0
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
  • Username

    # Request
    GET api/v4/auth_username
    
    # Response
    {
      "meta": {
        "page": 1,
        "limit": 10,
        "count": 1
      },
      "data": [
                  "username": "emqx_u",
                  "username": "emqx_u_1",
                  "username": "emqx_u_2"
              ],
      "code": 0
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17

# Change the added authentication data

  • Clientid

    # Request
    PUT api/v4/auth_clientid/${clientid}
    {
        "password": "emqx_new_p"
    }
    
    # Response
    {
        "code": 0
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
  • Username

    # Request
    PUT api/v4/auth_username/${username}
    {
        "password": "emqx_new_p"
    }
    
    # Response
    {
        "code": 0
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10

# Check the specified authentication data

Note that the password returned here is the password encrypted using the hash method specified in the configuration file:

  • Clientid

    # Request
    GET api/v4/auth_clientid/${clientid}
    
    # Response
    {
        "code": 0,
        "data": {
            "clientid": "emqx_c",
            "password": "091dc8753347e7dc5d348508fe6323735eecdb84fa800548870158117af8a0c0"
        }
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
  • Username

    # Request
    GET api/v4/auth_username/${username}
    
    # Response
    {
        "code": 0,
        "data": {
            "username": "emqx_u",
            "password": "091dc8753347e7dc5d348508fe6323735eecdb84fa800548870158117af8a0c0"
        }
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11

# Delete the authentication data

  • Clinetid

    # Request
    DELETE api/v4/auth_clientid/${clientid}
    
    # Response
    {
        "code": 0
    }
    
    1
    2
    3
    4
    5
    6
    7
  • Username

    # Request
    DELETE api/v4/auth_username/${username}
    
    # Response
    {
        "code": 0
    }
    
    1
    2
    3
    4
    5
    6
    7