Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX18yFLiyukPUKTkah+YDAS34iD1t56WPtzk=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0:

set system ntp authentication-key 1 encrypted-key U2FsdGVkX18yFLiyukPUKfcyY5xFLN9CKZ/Zc3UBpkk=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0:

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0:

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+mMYwF+95f6jrGCFcaSSHlrhNs7Bg/tn0=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Jul 17 15:52:57.289011 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 2.8M, max 15.3M, 12.4M free.
Jul 17 15:52:57.291584 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 15:52:57.291634 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 15:52:57.299522 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 15:52:57.609847 osdx osdx-coredump[106199]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 15:52:57.618505 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 15:52:58.112506 osdx OSDxCLI[93486]: User 'admin' entered the configuration menu.
Jul 17 15:52:58.206608 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set system console log-level info'.
Jul 17 15:52:58.258775 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Jul 17 15:52:58.351730 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set system strong-password display'.
Jul 17 15:52:58.415113 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'show working'.
Jul 17 15:52:58.508530 osdx modulelauncher[1112]: + Received data: ['93486', 'osdx.utils.xos', 'set_console_log_level', 'info']
Jul 17 15:52:58.525032 osdx OSDxCLI[93486]: Signal 10 received
Jul 17 15:52:58.534810 osdx ifmon[1141]: Changed log-level to info
Jul 17 15:52:58.535230 osdx cfgd[1240]: [93486]Completed change to active configuration
Jul 17 15:52:58.537685 osdx OSDxCLI[93486]: User 'admin' committed the configuration.
Jul 17 15:52:58.559987 osdx OSDxCLI[93486]: User 'admin' left the configuration menu.
Jul 17 15:52:58.720844 osdx OSDxCLI[93486]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jul 17 15:52:58.721425 osdx OSDxCLI[93486]: pam_unix(cli:session): session closed for user admin
Jul 17 15:52:58.721642 osdx OSDxCLI[93486]: User 'admin' entered the configuration menu.
Jul 17 15:52:58.774321 osdx OSDxCLI[93486]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jul 17 15:52:58.774546 osdx cfgd[1240]: Execute action [syntax] for node [system ntp authentication-key 1]
Jul 17 15:52:58.789099 osdx OSDxCLI[93486]: pam_unix(cli:session): session closed for user admin
Jul 17 15:52:58.789412 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 qwER43@!'.
Jul 17 15:52:58.867793 osdx OSDxCLI[93486]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jul 17 15:52:58.873180 osdx OSDxCLI[93486]: pam_unix(cli:session): session closed for user admin
Jul 17 15:52:58.873499 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'show changes'.
Jul 17 15:52:58.922640 osdx OSDxCLI[93486]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jul 17 15:52:58.927762 osdx cfgd[1240]: [93486]must validation for [system login user admin role] was skipped
Jul 17 15:52:58.947783 osdx WARNING[106241]: Short keyboard patterns are easy to guess.
Jul 17 15:52:58.948030 osdx INFO[106241]: Suggestions:
Jul 17 15:52:58.948095 osdx INFO[106241]:   Add another word or two. Uncommon words are better.
Jul 17 15:52:58.948147 osdx INFO[106241]:   Use a longer keyboard pattern with more turns.
Jul 17 15:52:58.948191 osdx INFO[106241]: Crack times (passwords per time):
Jul 17 15:52:58.948234 osdx INFO[106241]:   100 per hour:              centuries
Jul 17 15:52:58.948282 osdx INFO[106241]:   10 per second:             3 months
Jul 17 15:52:58.948364 osdx INFO[106241]:   10.000 per second:         3 hours
Jul 17 15:52:58.948410 osdx INFO[106241]:   10.000.000.000 per second: less than a second
Jul 17 15:52:58.953358 osdx cfgd[1240]: Execute action [end] for node [system ntp]
Jul 17 15:52:58.980017 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Jul 17 15:52:58.986687 osdx ntpd[106249]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Jul 17 15:52:58.986963 osdx ntp-systemd-wrapper[106249]: 2024-07-17T15:52:58 ntpd[106249]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Jul 17 15:52:58.987014 osdx ntpd[106249]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Jul 17 15:52:58.987056 osdx ntp-systemd-wrapper[106249]: 2024-07-17T15:52:58 ntpd[106249]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Jul 17 15:52:58.987788 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Jul 17 15:52:58.988747 osdx cfgd[1240]: [93486]Completed change to active configuration
Jul 17 15:52:58.990286 osdx ntpd[106251]: INIT: precision = 0.053 usec (-24)
Jul 17 15:52:58.990811 osdx ntpd[106251]: INIT: successfully locked into RAM
Jul 17 15:52:58.990824 osdx ntpd[106251]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Jul 17 15:52:58.990852 osdx ntpd[106251]: AUTH: authreadkeys: reading /etc/ntp.keys
Jul 17 15:52:58.990990 osdx ntpd[106251]: AUTH: authreadkeys: added 1 keys
Jul 17 15:52:58.991029 osdx ntpd[106251]: INIT: Using SO_TIMESTAMPNS(ns)
Jul 17 15:52:58.991042 osdx ntpd[106251]: IO: Listen and drop on 0 v6wildcard [::]:123
Jul 17 15:52:58.991054 osdx ntpd[106251]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Jul 17 15:52:58.991282 osdx OSDxCLI[93486]: pam_unix(cli:session): session closed for user admin
Jul 17 15:52:58.991376 osdx ntpd[106251]: IO: Listen normally on 2 lo 127.0.0.1:123
Jul 17 15:52:58.991390 osdx ntpd[106251]: IO: Listen normally on 3 lo [::1]:123
Jul 17 15:52:58.991406 osdx ntpd[106251]: IO: Listening on routing socket on fd #20 for interface updates
Jul 17 15:52:58.991411 osdx ntpd[106251]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Jul 17 15:52:58.991454 osdx ntpd[106251]: INIT: OpenSSL 3.0.11 19 Sep 2023, 300000b0
Jul 17 15:52:58.991635 osdx OSDxCLI[93486]: User 'admin' committed the configuration.
Jul 17 15:52:58.991877 osdx ntpd[106251]: NTSc: Using system default root certificates.
Jul 17 15:52:59.029974 osdx OSDxCLI[93486]: User 'admin' left the configuration menu.
Jul 17 15:52:59.152212 osdx OSDxCLI[93486]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---