authentication

2016-02-26 23:22:54 +08:00 · 2016-02-26 23:22:54 +08:00 · f2638c396a
parent 062e154dec
commit f2638c396a
1 changed files with 92 additions and 112 deletions
--- a/docs/source/config.rst
+++ b/docs/source/config.rst
@ -246,39 +246,38 @@ emqttd消息服务器认证由一系列认证模块(module)或插件(plugin)提
          认证插件加载后认证模块失效。
-用户名密码认证
+Username and Password Authentication
-..............
+....................................
 .. code:: erlang
    {username, [{test1, "passwd1"}, {test2, "passwd2"}]},
-两种方式添加用户:
+Two ways to configure users:
-1. 直接在[]中明文配置默认用户::
+1. Configure username and plain password directly::
-    [{test1, "passwd1"}, {test2, "passwd2"}]
+    {username, [{test1, "passwd1"}, {test2, "passwd2"}]},
-2. 通过'./bin/emqttd_ctl'管理命令行添加用户::
+2. Add users by './bin/emqttd_ctl' command::
   $ ./bin/emqttd_ctl users add <Username> <Password>
-ClientID认证
+ClientID Authentication
-............
+.......................
 .. code:: erlang
    {clientid, [{password, no}, {file, "etc/clients.config"}]},
-etc/clients.config文件中添加ClientID::
+Configure ClientIDs in etc/clients.config::
    testclientid0
    testclientid1 127.0.0.1
    testclientid2 192.168.0.1/24
-
+LDAP Authentication
-LDAP认证
+...................
 ........
 .. code:: erlang
@ -294,85 +293,59 @@ LDAP认证
    ]},
-匿名认证
+Anonymous Authentication
-........
+........................
-默认开启。允许任意客户端登录::
+Allow any clients connect to the broker::
    {anonymous, []}
-access用户访问控制(ACL)
+ACL Config
-----------------------
+----------
-emqttd消息服务器支持基于etc/acl.config文件或MySQL、PostgreSQL插件的访问控制规则。
+Enable the default ACL module::
 默认开启基于etc/acl.config文件的访问控制::
    %% ACL config
    {acl, [
        %% Internal ACL module
        {internal,  [{file, "etc/acl.config"}, {nomatch, allow}]}
    ]}
-etc/acl.config访问控制规则定义::
+MQTT Packet and ClientID
 ------------------------
-    允许|拒绝  用户|IP地址|ClientID  发布|订阅  主题列表
+.. code::
 etc/acl.config默认访问规则设置::
    {allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
    {allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
    {deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
    {allow, all}.
 .. NOTE:: 默认规则只允许本机用户订阅'$SYS/#'与'#'
 emqttd消息服务器接收到MQTT客户端发布(PUBLISH)或订阅(SUBSCRIBE)请求时，会逐条匹配ACL访问控制规则，
 直到匹配成功返回allow或deny。
 MQTT报文(Packet)尺寸与ClientID长度限制
 --------------------------------------
 'packet'段落设置最大报文尺寸、最大客户端ID长度::
    {packet, [
-        %% ClientID长度, 默认1024
+        %% Max ClientId Length Allowed
        {max_clientid_len, 1024},
-        %% 最大报文长度，默认64K
+        %% Max Packet Size Allowed, 64K default
        {max_packet_size,  65536}
    ]},
 MQTT Client Idle Timeout
 ------------------------
-MQTT客户端(Client)连接闲置时间
+.. code::
 ------------------------------
 'client'段落设置客户端最大允许闲置时间(Socket连接建立，但未发送CONNECT报文)::
    {client, [
-        %% 单位: 秒
+        %% Socket is connected, but no 'CONNECT' packet received
        {idle_timeout, 10}
    ]},
 MQTT Session
 ------------
-MQTT会话(Session)参数设置
+.. code::
 -------------------------
 'session'段落设置MQTT会话参数::
    {session, [
        %% Max number of QoS 1 and 2 messages that can be “in flight” at one time.
        %% 0 means no limit
        {max_inflight, 100},
-        %% Retry interval for redelivering QoS1/2 messages.
+        %% Retry interval for unacked QoS1/2 messages.
        {unack_retry_interval, 20},
        %% Awaiting PUBREL Timeout
@ -381,7 +354,7 @@ MQTT会话(Session)参数设置
        %% Max Packets that Awaiting PUBREL, 0 means no limit
        {max_awaiting_rel, 0},
-        %% Statistics Collection Interval(seconds)
+        %% Interval of Statistics Collection(seconds)
        {collect_interval, 20},
        %% Expired after 2 days
@ -389,33 +362,33 @@ MQTT会话(Session)参数设置
    ]},
-会话参数详细说明:
+Session parameters:
 +----------------------+----------------------------------------------------------+
-| max_inflight         | 飞行窗口。最大允许同时下发的Qos1/2报文数，0表示没有限制。|
+| max_inflight         | Max number of QoS1/2 messages that can be delivered in   |
-|                      | 窗口值越大，吞吐越高；窗口值越小，消息顺序越严格         |
+|                      | the same time                                            |
 +----------------------+----------------------------------------------------------+
-| unack_retry_interval | 下发QoS1/2消息未收到PUBACK响应的重试间隔                 |
+| unack_retry_interval | Retry interval for unacked QoS1/2 messages.              |
 +----------------------+----------------------------------------------------------+
-| await_rel_timeout    | 收到QoS2消息，等待PUBREL报文超时时间                     |
+| await_rel_timeout    | Awaiting PUBREL Timeout                                  |
 +----------------------+----------------------------------------------------------+
-| max_awaiting_rel     | 最大等待PUBREL的QoS2报文数                               |
+| max_awaiting_rel     | Max number of Packets that Awaiting PUBREL               |
 +----------------------+----------------------------------------------------------+
-| collect_interval     | 采集会话统计数据间隔，默认0表示关闭统计                  |
+| collect_interval     | Interval of Statistics Collection                        |
 +----------------------+----------------------------------------------------------+
-| expired_after        | 持久会话到期时间，从客户端断开算起，单位：小时           |
+| expired_after        | Expired after                                            |
 +----------------------+----------------------------------------------------------+
-MQTT会话消息队列(MQueue)设置
+Message Queue 
----------------------------
+-------------
-emqttd消息服务器会话通过队列缓存Qos1/Qos2消息:
+The message queue of session stores:
-1. 持久会话(Session)的离线消息
+1. Offline messages for persistent session.
-2. 飞行窗口满而延迟下发的消息
+2. Pending messages for inflight window is full
-队列参数设置::
+Queue parameters::
    {queue, [
        %% simple | priority
@ -438,79 +411,70 @@ emqttd消息服务器会话通过队列缓存Qos1/Qos2消息:
        {queue_qos0, true}
    ]}
 队列参数说明:
 +----------------------+---------------------------------------------------+
-| type                 | 队列类型。simple: 简单队列，priority: 优先级队列  |
+| type                 | Queue type: simple or priority                    |
 +----------------------+---------------------------------------------------+
-| priority             | 主题(Topic)队列优先级设置                         |
+| priority             | Topic priority                                    |
 +----------------------+---------------------------------------------------+
-| max_length           | 队列长度, infinity表示不限制                      |
+| max_length           | Max Queue size, infinity means no limit           |
 +----------------------+---------------------------------------------------+
-| low_watermark        | 解除告警水位线                                    |
+| low_watermark        | Low watermark                                     |
 +----------------------+---------------------------------------------------+
-| high_watermark       | 队列满告警水位线                                  |
+| high_watermark       | High watermark                                    |
 +----------------------+---------------------------------------------------+
-| queue_qos0           | 是否缓存QoS0消息                                  |
+| queue_qos0           | If Qos0 message queued?                           |
 +----------------------+---------------------------------------------------+
-broker消息服务器参数
+Sys Interval of Broker
 --------------------
 'broker'段落设置消息服务器内部模块参数。
 sys_interval设置系统发布$SYS消息周期::
    {sys_interval, 60},
 broker retained消息设置
 -----------------------
-retained设置MQTT retain消息处理参数::
+.. code::
    %% System interval of publishing $SYS messages
    {sys_interval, 60},
 Retained messages
 -----------------
 .. code::
    {retained, [
-        %% retain消息过期时间，单位: 秒
+        %% Expired after seconds, never expired if 0
        {expired_after, 0},
-        %% 最大retain消息数量
+        %% Maximum number of retained messages
        {max_message_num, 100000},
-        %% retain消息payload最大尺寸
+        %% Max Payload Size of retained message
        {max_playload_size, 65536}
    ]},
-+-----------------+-------------------------------------+
+PubSub and Router
-| expired_after   | Retained消息过期时间，0表示永不过期 |
+-----------------
 +-----------------+-------------------------------------+
 | max_message_num | 最大存储的Retained消息数量          |
 +-----------------+-------------------------------------+
 | max_packet_size | Retained消息payload最大允许尺寸     |
 +-----------------+-------------------------------------+
-broker pubsub路由设置
+.. code:: erlang
 -----------------------
 发布/订阅(Pub/Sub)路由模块参数::
    {pubsub, [
-        %% PubSub Erlang进程池
+        %% PubSub Pool
        {pool_size, 8},
-        %% 订阅存储类型，ram: 内存, disc: 磁盘, false: 不保存
+        %% Subscription: disc | ram | false
        {subscription, ram},
-        %% 路由老化时间
+        %% Route aging time(seconds)
        {route_aging, 5}
    ]},
 Bridge Parameters
 -----------------
 .. code:: erlang
    {bridge, [
-        %% 最大缓存桥接消息数
+        %% Bridge Queue Size
        {max_queue_len, 10000},
-        %% 桥接节点宕机检测周期，单位: 秒
+        %% Ping Interval of bridge node
        {ping_down_interval, 1}
    ]}
@ -541,7 +505,6 @@ Enable Modules
        %% Rewrite rules
        {rewrite, [{file, "etc/rewrite.config"}]}
 Plugins Folder
 --------------
@ -559,7 +522,7 @@ Plugins Folder
 TCP Listeners
 -------------
-Congfigure the TCP listener for MQTT, MQTT(SSL) and HTTP Protocols.
+Congfigure the TCP listeners for MQTT, MQTT(SSL) and HTTP Protocols.
 The most important parameter is 'max_clients' - max concurrent clients allowed.
@ -704,6 +667,23 @@ An ACL rule is an Erlang tuple. The Access control module of emqttd broker match
 .. _config_rewrite:
 ------------------
 etc/clients.config
 ------------------
 Enable ClientId Authentication in 'etc/emqttd.config'::
    {auth, [
        %% Authentication with clientid
        {clientid, [{password, no}, {file, "etc/clients.config"}]}
    ]},
 Configure all allowed ClientIDs, IP Addresses in etc/clients.config::
    testclientid0
    testclientid1 127.0.0.1
    testclientid2 192.168.0.1/24
 ------------------
 etc/rewrite.config
 ------------------