Username and Password authentication is the most basic authentication method in TDMQ for MQTT. When connecting, the client provides a Username and Password. MQTT matches them with the credentials stored internally and accepts the client request upon a successful match.
Prerequisites
The MQTT cluster has been created. For specific steps, refer to Create Cluster.
2. Click Resource > Cluster in the left sidebar. After selecting a region, click the "ID" of the target cluster to enter the cluster basic information page.
3. On the cluster detail page, select Authentication and enter the Username and Password tab.
4. Click Create User, enter username and description, and set password. Username and password are the most basic authentication method provided by MQTT. You need to fill them in when using the client to send/receive messages subsequently.
Username: Set username, comply with naming rule, longest 32 characters, support numbers, upper- and lower-case letters, and separators ("_", "-").
Password: Set user password, support system automatically generate password or customize settings. Password longest 64 characters, support digits, uppercase and lowercase letters, separators ("_", "-").
Description (optional): must not exceed 128 characters.
5. Click Save to complete user creation. Subsequently, in the user list, you can copy the username and password in any of the following ways.
Note:
Password leakage is likely to cause your data leakage. Please keep your password safe.
Method 1: Copying from the Token column
Method 2: Viewing and copying from the Operation column
Copy in the Username and Password columns.
Click View Password in the Action column, click to view the icon in the pop-up password window, then click the copy icon.
Configuring Permission
After user creation is completed, the created user needs to be granted permission to produce messages and consume messages.
When the authorization policy is not enabled, the data plane resources have no permission management. You can use any "username + password" to connect, produce, and consume. For production environments, it is advisable to implement fine-grained permission control based on the principle of least privilege. For detailed introduction and operation steps, refer to Configuring Data Plane Authorization.
Deleting User
Note:
Once a user is deleted, their username and password will immediately become invalid. Any message production or consumption activities relying on these credentials will be terminated. Please ensure relevant tasks have been stopped or new credentials have been configured before proceeding.
When you no longer need a user, you can delete them in the console. Specific steps:
On the user list page, click Delete in the operation bar, then confirm Delete in the pop-up window to delete a user.
