Mosquitto update 4.1 - ACL messages in logs

I have no MQTT settings in configuration.yaml, not even an mqtt: section. I have default settings in the Mosquitto add-on. I have set a user name and password in the add-on configuration.

Default settings are here

@Crhass assuming you have set up MQTT in the integrations?

And…

Add the following configuration to enable ACLs:

  1. Set the active flag within the customize section to true in your configuration.
  2. Create a file in /share/mosquitto named acl.conf with the following contents:
     acl_file /share/mosquitto/accesscontrollist
  3. Create a file in /share/mosquitto named accesscontrollist and add contents according to your requirements.

Is it possible to make a sort of generic or wildcard/catchall ACL so that we don’t get the errors?

All my clients use the same account to login. Can I write an ACL that allows it to use all topics without specifying them all?

You can add the following to your accesscontrollist file. It will allow a specific user to read and write to any topic.

# This only affects clients with username "bobby"
user bobby
topic #
If you create a Home Assistant user with the same username and password as your local MQTT user, you can delete the user from the broker as it will use a Home Assistant user. (If you do this then you don’t need to reconfigure any settings in your devices.)

I have been running like this since v3 of the broker - all default settings in the broker and the MQTT integration, and I have discovery enabled. I do not have ANY manual device configuration at all and no MQTT: section in config yaml.

Do you make the UN and PW blank in the Mosquitto add-on config or do you remove the whole login section?

This is different to the ACL config we have been discussing though.

Just make them blank… or tap on default and save.

It was driving me crazy after this new release… Thank you very much for the info!! It worked like a charm!

Hi. I have the same problem, except, initially Hassio stopped working with Mosquitto. I had to add my Mosquitto username and password to the MQTT: entry in my configuration.yaml.
It now works, but I get the ACL messages you describe.
What did you actually do to resolve this please?

For me, doing this got rid of the verbose logging:

Mosquitto broker add on logging

That worked - thank you!

I switched to the Community MQTT & HiveMQ add on and it seems to be more reliable again. I have a couple of clients that refused to stay connected to the official 4.1 release now. After removing and reconfiguring to the community add-on, all my old stuff started working immediately again.

I added users to HA, removed MQTT config from config.yaml, works OK.
Then I enabled ACL as described above and the log flood disappeared, but with each connection the log shows the client user name and password in clear text. Which “security expert” programmed it???

1552674144: |-- mosquitto_auth_unpwd_check(hasscore)
1552674144: |-- ** checking backend http
1552674144: |-- url=http://127.0.0.1:8080/login
1552674144: |-- data=username=…name…&password=…pwd…&topic=&acc=-1&clientid=
[INFO] found hasscore on Home Assistant
1552674146: |-- getuser(hasscore) AUTHENTICATED=1 by http

Hi, are you sure about that? Somewhere else I read it’s

topic readwrite #

Also, do you know how to allow access without a username?

Also, how do you put it if you have 2 usernames

user bobby
topic readwrite # 

user paul
topic readwrite #  

?

user bobby
topic #

This format works for me.

It’s not a breaking change and didn’t break anything for my system… Perhaps instead of ranting you can post the broker config here?

Oh it’s definitely very broken. No more communication between mosquitto broker and my hubitat bridge.

I just rolled back as described here:

As far as ranting goes, I’ve been working in this industry for 30 years and it’s more than time that more people are held liable and/or called out for crap code and sloppy rollouts. As seems to be the case with the 737 Max, bad software is now killing people.

I agree with you on the breaking/modified. The HA dev team plays fast and loose with backwards compatibility and testing.

It wouldn’t matter so much if these were minor things, but people’s houses are directly affected by these kinds of things.

– deleted since context was missing.

I’m still confused.

HA seems to be working with the Mosquitto 4.1 add-on except after every HA version update I have to restart HA once more.

I would like to try adding the ACL files but am not sure what I need. I do not want unrestricted access.

I have one user, “mqtt_user”, that all my devices use. It’s a home assistant user. So I guess I add this to the file:

user mqtt_user
topic #

Do I also need to add an entry for home assistant to access the broker?
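
Added example, not part of the original thread and not the add-on's own code: a small Python auditor for an accesscontrollist file in the user / topic format shown above. It lists users holding a catch-all # entry and tests whether a given user may read or write a topic. It assumes stock Mosquitto ACL semantics (an omitted access type means read/write, and # or + never match $-prefixed topics); the sample file, topic names and function names are constructed for illustration.

```python
# Constructed sample ACL file, for illustration only.
SAMPLE_ACL = """\
# devices account, limited to its own topic trees
user mqtt_user
topic readwrite home/#
topic read status/+/online

# catch-all entry in the style discussed in the thread
user bobby
topic #
"""

def parse_acl(text):
    """Return {user: [(access, filter), ...]}; key None holds rules before any 'user' line."""
    rules, user = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        keyword, _, rest = line.partition(" ")
        rest = rest.strip()
        if keyword == "user":
            user = rest
            rules.setdefault(user, [])
        elif keyword == "topic":
            first, _, remainder = rest.partition(" ")
            if first in ("read", "write", "readwrite") and remainder.strip():
                rules.setdefault(user, []).append((first, remainder.strip()))
            else:                                  # assumption: omitted access = read/write
                rules.setdefault(user, []).append(("readwrite", rest))
    return rules

def topic_matches(topic_filter, topic):
    """MQTT filter matching: '+' is one level, '#' is the remainder."""
    f, t = topic_filter.split("/"), topic.split("/")
    if topic.startswith("$") and f[0] in ("#", "+"):
        return False                               # wildcards do not expose $SYS and friends
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or (level != "+" and level != t[i]):
            return False
    return len(f) == len(t)

def allowed(rules, user, topic, want):
    """want is 'read' (receive) or 'write' (publish)."""
    return any(acc in (want, "readwrite") and topic_matches(flt, topic)
               for acc, flt in rules.get(user, []))

def catch_all_users(rules):
    """Users (or '<anonymous>') that hold a bare '#' entry."""
    return sorted(u or "<anonymous>" for u, rs in rules.items()
                  if any(flt == "#" for _, flt in rs))
```

Running catch_all_users(parse_acl(...)) over your own file before restarting the broker shows which accounts still have unrestricted access.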