There are two authorization methods: using X.509 certificates and using a username and password.
You can use both X.509 certificates and passwords at the same time. Note that passwords have a higher priority than certificates. The table below describes different ways to use a certificate and password simultaneously during authorization.
| Certificate | Username and password | Result |
|---|---|---|
| Invalid | Correct | Authorization is successful. |
| Correct | Correct | Authorization using a username and password is successful. |
| but for a different device | Correct | Authorization is performed on behalf of the device whose ID is specified in the username. |
Authorization using certificates
When logging in with X.509 certificates, private keys and certificates stored as .pem files are used. They are stored on a device or in a registry.
- For a private key, you specify the path to the .pem file when sending messages or subscribing to receive messages.
- You add the certificate to the device or registry and specify the path to the .pem file with the certificate when sending messages or subscribing to receive messages.
Each certificate must be unique. You can't add the same certificate to two different devices or a device and a registry. To send and receive messages in a topic, you need to use two different certificates.
No additional settings are required for working with the MQTT broker integrated in the YC CLI (yc iot mqtt --help). If you use third-party libraries or applications (such as Mosquitto) as an MQTT broker, use the MQTT broker connection parameters.
Authorization using a username and password
When logging in with your username and password:
- The username is the ID of the device or registry.
- The password is a combination of characters that you specify. You can also generate your password via the YC CLI.
- Minimum password length is 14 characters.
- The password must contain 3 out of 4 groups of characters: lowercase Latin letters, uppercase Latin letters, numbers, and special characters.
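The password rules above can be checked before a device is provisioned. The following is an added example, not code from the service or its CLI: it validates a candidate password against the two stated rules and generates a compliant one from a CSPRNG. It assumes that "special characters" means ASCII punctuation, since the page does not list them; the function names are hypothetical.

```python
import secrets
import string

MIN_LENGTH = 14       # minimum length stated on the page
REQUIRED_GROUPS = 3   # "3 out of 4 groups of characters"

# Assumption: "special characters" = ASCII punctuation (the page gives no list).
GROUPS = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "special": string.punctuation,
}


def groups_present(password):
    """Return the names of the character groups that occur in the password."""
    return {name for name, chars in GROUPS.items()
            if any(c in chars for c in password)}


def check_password(password):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(
            f"length {len(password)} is below the minimum of {MIN_LENGTH}")
    found = groups_present(password)
    if len(found) < REQUIRED_GROUPS:
        missing = ", ".join(sorted(set(GROUPS) - found))
        problems.append(
            f"only {len(found)} of 4 character groups present; missing: {missing}")
    return problems


def generate_password(length=24):
    """Draw candidates from a CSPRNG until one satisfies the policy."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(GROUPS.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for sample in ("Short1!", "alllowercaseletters", "Passw0rdPassw0rd"):
        print(sample, check_password(sample) or "OK")
```

Rejection sampling keeps every accepted password uniformly distributed over the compliant set, which forcing one character from each group into fixed positions would not.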