Authentication
There are two authentication methods:
You can use both X.509 certificates and passwords at the same time. Note that passwords have a higher priority than certificates. The table below describes different ways to use a certificate and password simultaneously during authentication.
| Certificate | Password | Authentication |
|---|---|---|
| Invalid | Invalid | Authentication fails. |
| Invalid | Correct | Authentication is successful. |
| Correct | Invalid | Authentication fails. |
| Correct | Correct | Authentication using a username and password is successful. |
| Correct, but for a different device |
Correct | Authentication is performed on behalf of the device, the ID of which is specified in the username. |
Authentication using certificates
When authenticating with X.509 certificates, private keys and certificates stored as .pem files are used. They are stored on a device or in a registry.
- For a private key, you specify the path to the .pem file when sending messages or subscribing to receive messages.
- You add the certificate to the device or registry and specify the path to the .pem file with the certificate when sending messages or subscribing to receive messages.
Each certificate must be unique. You can't add the same certificate to two different devices or a device and a registry. To send and receive messages in a topic, you need to use two different certificates.
Warning
No additional settings are required for working with the MQTT broker integrated into the CLI (yc iot mqtt --help). If you use third-party libraries or applications (such as Mosquitto) as an MQTT broker, use the MQTT broker connection parameters.
Authenticating by username and password
When authenticating with your username and password:
- The username is the ID of the device or registry.
- The password is a combination of characters that you specify. You can also generate your password in the CLI.
- Minimum password length is 14 characters.
- The password must contain three groups of characters out of these four: lowercase Latin letters, uppercase Latin letters, numbers, and special characters.