mosquitto can be configured to use password files. Those have a very
trivial layout, with one "username:password" tuple per line, not unlike
Apache's htpasswd file format, but unlike htpasswd files, the password
can be either in clear (boo!), or encrypted (by calling into openssl's
libcrypto).
Encryption of passwords is done with an ad-hoc tool, mosquitto_passwd,
again very like Apache's htpasswd, but the encrypted form is different
(of course). This encryption is handled by mosquitto_passwd, which can
create, update, or delete users, all while storing their encrypted
password, or it can also convert a password file with clear-text
passwords into a password file with encrypted passwords, e.g. it turns
each "foo:bar" entry to their corresponding encrypted form, like
"foo:$7$101$yLPgk5fn46d....==".
It can be very interesting to maintain a clear-text DB of
users:passwords in configuration management [0], and only convert it to
encrypted passwords when embedded on the target.
Add a host variant for mosquitto, which only installs mosquitto_passwd.
[0] ensuring safety, confidentiality, and integrity of that DB is left
as an exercise to the user, and is clearly out of scope for Buildroot,
like storing the root password in the .config is.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Titouan Christophe <titouanchristophe@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
bd9f138b5a