Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+cT4IXTmpWQATze4RIAlUdhYTYq1Nbgqw=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0:

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+cT4IXTmpWQG3P0AW+cCZvX3srKt3csHI=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0:

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0:

set system ntp authentication-key 1 encrypted-key U2FsdGVkX192YBR+EnptHUW9HBiS/MgF1aOe4+7u3m8=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Jul 03 15:03:36.286396 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.3M, max 15.3M, 13.0M free.
Jul 03 15:03:36.287107 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 15:03:36.287146 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 15:03:36.295613 osdx OSDxCLI[51147]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 15:03:36.644646 osdx osdx-coredump[72125]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 03 15:03:36.653704 osdx OSDxCLI[51147]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 03 15:03:37.177651 osdx OSDxCLI[51147]: User 'admin' entered the configuration menu.
Jul 03 15:03:37.244288 osdx OSDxCLI[51147]: User 'admin' added a new cfg line: 'set system console log-level info'.
Jul 03 15:03:37.354279 osdx OSDxCLI[51147]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Jul 03 15:03:37.450066 osdx OSDxCLI[51147]: User 'admin' added a new cfg line: 'set system strong-password display'.
Jul 03 15:03:37.517773 osdx OSDxCLI[51147]: User 'admin' added a new cfg line: 'show working'.
Jul 03 15:03:37.610556 osdx modulelauncher[1313]: + Received data: ['51147', 'osdx.utils.xos', 'set_console_log_level', 'info']
Jul 03 15:03:37.624646 osdx OSDxCLI[51147]: Signal 10 received
Jul 03 15:03:37.634620 osdx ifmon[1340]: Changed log-level to info
Jul 03 15:03:37.635024 osdx cfgd[1440]: [51147]Completed change to active configuration
Jul 03 15:03:37.637455 osdx OSDxCLI[51147]: User 'admin' committed the configuration.
Jul 03 15:03:37.662631 osdx OSDxCLI[51147]: User 'admin' left the configuration menu.
Jul 03 15:03:37.823720 osdx OSDxCLI[51147]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jul 03 15:03:37.824509 osdx OSDxCLI[51147]: pam_unix(cli:session): session closed for user admin
Jul 03 15:03:37.825000 osdx OSDxCLI[51147]: User 'admin' entered the configuration menu.
Jul 03 15:03:37.882044 osdx OSDxCLI[51147]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jul 03 15:03:37.882506 osdx cfgd[1440]: Execute action [syntax] for node [system ntp authentication-key 1]
Jul 03 15:03:37.894647 osdx OSDxCLI[51147]: pam_unix(cli:session): session closed for user admin
Jul 03 15:03:37.895019 osdx OSDxCLI[51147]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 qwER43@!'.
Jul 03 15:03:37.976125 osdx OSDxCLI[51147]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jul 03 15:03:37.981123 osdx OSDxCLI[51147]: pam_unix(cli:session): session closed for user admin
Jul 03 15:03:37.981449 osdx OSDxCLI[51147]: User 'admin' added a new cfg line: 'show changes'.
Jul 03 15:03:38.048044 osdx OSDxCLI[51147]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jul 03 15:03:38.052637 osdx cfgd[1440]: [51147]must validation for [system login user admin role] was skipped
Jul 03 15:03:38.065924 osdx WARNING[72169]: Short keyboard patterns are easy to guess.
Jul 03 15:03:38.065972 osdx INFO[72169]: Suggestions:
Jul 03 15:03:38.066010 osdx INFO[72169]:   Add another word or two. Uncommon words are better.
Jul 03 15:03:38.066037 osdx INFO[72169]:   Use a longer keyboard pattern with more turns.
Jul 03 15:03:38.066060 osdx INFO[72169]: Crack times (passwords per time):
Jul 03 15:03:38.066084 osdx INFO[72169]:   100 per hour:              centuries
Jul 03 15:03:38.066107 osdx INFO[72169]:   10 per second:             3 months
Jul 03 15:03:38.066174 osdx INFO[72169]:   10.000 per second:         3 hours
Jul 03 15:03:38.066201 osdx INFO[72169]:   10.000.000.000 per second: less than a second
Jul 03 15:03:38.070498 osdx cfgd[1440]: Execute action [end] for node [system ntp]
Jul 03 15:03:38.103518 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Jul 03 15:03:38.109123 osdx ntpd[72177]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Jul 03 15:03:38.109146 osdx ntpd[72177]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Jul 03 15:03:38.109441 osdx ntp-systemd-wrapper[72177]: 2024-07-03T15:03:38 ntpd[72177]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Jul 03 15:03:38.109441 osdx ntp-systemd-wrapper[72177]: 2024-07-03T15:03:38 ntpd[72177]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Jul 03 15:03:38.109799 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Jul 03 15:03:38.111109 osdx cfgd[1440]: [51147]Completed change to active configuration
Jul 03 15:03:38.112256 osdx ntpd[72179]: INIT: precision = 0.054 usec (-24)
Jul 03 15:03:38.112780 osdx ntpd[72179]: INIT: successfully locked into RAM
Jul 03 15:03:38.112793 osdx ntpd[72179]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Jul 03 15:03:38.112822 osdx ntpd[72179]: AUTH: authreadkeys: reading /etc/ntp.keys
Jul 03 15:03:38.112944 osdx ntpd[72179]: AUTH: authreadkeys: added 1 keys
Jul 03 15:03:38.112984 osdx ntpd[72179]: INIT: Using SO_TIMESTAMPNS(ns)
Jul 03 15:03:38.112998 osdx ntpd[72179]: IO: Listen and drop on 0 v6wildcard [::]:123
Jul 03 15:03:38.113011 osdx ntpd[72179]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Jul 03 15:03:38.113353 osdx ntpd[72179]: IO: Listen normally on 2 lo 127.0.0.1:123
Jul 03 15:03:38.113373 osdx ntpd[72179]: IO: Listen normally on 3 lo [::1]:123
Jul 03 15:03:38.113393 osdx ntpd[72179]: IO: Listening on routing socket on fd #20 for interface updates
Jul 03 15:03:38.113399 osdx ntpd[72179]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Jul 03 15:03:38.113449 osdx ntpd[72179]: INIT: OpenSSL 3.0.11 19 Sep 2023, 300000b0
Jul 03 15:03:38.113721 osdx OSDxCLI[51147]: pam_unix(cli:session): session closed for user admin
Jul 03 15:03:38.113941 osdx ntpd[72179]: NTSc: Using system default root certificates.
Jul 03 15:03:38.114029 osdx OSDxCLI[51147]: User 'admin' committed the configuration.
Jul 03 15:03:38.140361 osdx OSDxCLI[51147]: User 'admin' left the configuration menu.
Jul 03 15:03:38.254257 osdx OSDxCLI[51147]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---