Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX18f3teiyYUjdKDO+1Uhl+MxrteVaNmhoQ8=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0:

set system ntp authentication-key 1 encrypted-key U2FsdGVkX18f3teiyYUjdPXTE2Qrl+CXeYqsaiOuxPY=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0:

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0:

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+Z9lpWg2l9sx0jGPvIRFcjoJS22AqkFBc=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Oct 09 10:28:30.406431 osdx systemd-journald[1768]: Runtime Journal (/run/log/journal/da0729972954483f829d339572dde7c1) is 2.3M, max 15.3M, 12.9M free.
Oct 09 10:28:30.409543 osdx systemd-journald[1768]: Received client request to rotate journal, rotating.
Oct 09 10:28:30.409627 osdx systemd-journald[1768]: Vacuuming done, freed 0B of archived journals from /run/log/journal/da0729972954483f829d339572dde7c1.
Oct 09 10:28:30.423697 osdx OSDxCLI[357286]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 10:28:30.729835 osdx zebra[1399]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 10:28:30.884354 osdx osdx-coredump[365551]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 09 10:28:30.894172 osdx OSDxCLI[357286]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 09 10:28:31.546168 osdx OSDxCLI[357286]: User 'admin' entered the configuration menu.
Oct 09 10:28:31.675087 osdx OSDxCLI[357286]: User 'admin' added a new cfg line: 'set system console log-level info'.
Oct 09 10:28:31.767119 osdx OSDxCLI[357286]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Oct 09 10:28:31.863590 osdx OSDxCLI[357286]: User 'admin' added a new cfg line: 'set system strong-password display'.
Oct 09 10:28:32.007011 osdx OSDxCLI[357286]: User 'admin' added a new cfg line: 'show working'.
Oct 09 10:28:32.099064 osdx modulelauncher[1302]: + Received data: ['357286', 'osdx.utils.xos', 'set_console_log_level', 'info']
Oct 09 10:28:32.125054 osdx OSDxCLI[357286]: Signal 10 received
Oct 09 10:28:32.138476 osdx ifmon[1333]: Changed log-level to info
Oct 09 10:28:32.139108 osdx cfgd[1434]: [357286]Completed change to active configuration
Oct 09 10:28:32.142261 osdx OSDxCLI[357286]: User 'admin' committed the configuration.
Oct 09 10:28:32.181170 osdx OSDxCLI[357286]: User 'admin' left the configuration menu.
Oct 09 10:28:32.404230 osdx OSDxCLI[357286]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Oct 09 10:28:32.405092 osdx OSDxCLI[357286]: pam_unix(cli:session): session closed for user admin
Oct 09 10:28:32.405749 osdx OSDxCLI[357286]: User 'admin' entered the configuration menu.
Oct 09 10:28:32.507496 osdx OSDxCLI[357286]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Oct 09 10:28:32.507995 osdx cfgd[1434]: Execute action [syntax] for node [system ntp authentication-key 1]
Oct 09 10:28:32.533593 osdx OSDxCLI[357286]: pam_unix(cli:session): session closed for user admin
Oct 09 10:28:32.534019 osdx OSDxCLI[357286]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 qwER43@!'.
Oct 09 10:28:32.603750 osdx OSDxCLI[357286]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Oct 09 10:28:32.614457 osdx OSDxCLI[357286]: pam_unix(cli:session): session closed for user admin
Oct 09 10:28:32.614851 osdx OSDxCLI[357286]: User 'admin' added a new cfg line: 'show changes'.
Oct 09 10:28:32.702254 osdx OSDxCLI[357286]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Oct 09 10:28:32.711888 osdx cfgd[1434]: [357286]must validation for [system login user admin role] was skipped
Oct 09 10:28:32.728446 osdx WARNING[365593]: Short keyboard patterns are easy to guess.
Oct 09 10:28:32.728505 osdx INFO[365593]: Suggestions:
Oct 09 10:28:32.728549 osdx INFO[365593]:   Add another word or two. Uncommon words are better.
Oct 09 10:28:32.728582 osdx INFO[365593]:   Use a longer keyboard pattern with more turns.
Oct 09 10:28:32.728611 osdx INFO[365593]: Crack times (passwords per time):
Oct 09 10:28:32.728640 osdx INFO[365593]:   100 per hour:              centuries
Oct 09 10:28:32.728669 osdx INFO[365593]:   10 per second:             3 months
Oct 09 10:28:32.728743 osdx INFO[365593]:   10.000 per second:         3 hours
Oct 09 10:28:32.728773 osdx INFO[365593]:   10.000.000.000 per second: less than a second
Oct 09 10:28:32.734747 osdx cfgd[1434]: Execute action [end] for node [system ntp]
Oct 09 10:28:32.769849 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Oct 09 10:28:32.779153 osdx ntpd[365601]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Oct 09 10:28:32.779429 osdx ntp-systemd-wrapper[365601]: 2024-10-09T10:28:32 ntpd[365601]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Oct 09 10:28:32.779429 osdx ntp-systemd-wrapper[365601]: 2024-10-09T10:28:32 ntpd[365601]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Oct 09 10:28:32.779189 osdx ntpd[365601]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Oct 09 10:28:32.779894 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Oct 09 10:28:32.781062 osdx cfgd[1434]: [357286]Completed change to active configuration
Oct 09 10:28:32.783665 osdx OSDxCLI[357286]: pam_unix(cli:session): session closed for user admin
Oct 09 10:28:32.783873 osdx ntpd[365603]: INIT: precision = 0.094 usec (-23)
Oct 09 10:28:32.783966 osdx OSDxCLI[357286]: User 'admin' committed the configuration.
Oct 09 10:28:32.785098 osdx ntpd[365603]: INIT: successfully locked into RAM
Oct 09 10:28:32.785136 osdx ntpd[365603]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Oct 09 10:28:32.785182 osdx ntpd[365603]: AUTH: authreadkeys: reading /etc/ntp.keys
Oct 09 10:28:32.785483 osdx ntpd[365603]: AUTH: authreadkeys: added 1 keys
Oct 09 10:28:32.785577 osdx ntpd[365603]: INIT: Using SO_TIMESTAMPNS(ns)
Oct 09 10:28:32.785599 osdx ntpd[365603]: IO: Listen and drop on 0 v6wildcard [::]:123
Oct 09 10:28:32.785618 osdx ntpd[365603]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Oct 09 10:28:32.786439 osdx ntpd[365603]: IO: Listen normally on 2 lo 127.0.0.1:123
Oct 09 10:28:32.786473 osdx ntpd[365603]: IO: Listen normally on 3 lo [::1]:123
Oct 09 10:28:32.786503 osdx ntpd[365603]: IO: Listening on routing socket on fd #20 for interface updates
Oct 09 10:28:32.786512 osdx ntpd[365603]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Oct 09 10:28:32.786595 osdx ntpd[365603]: INIT: Built with OpenSSL 3.0.11 19 Sep 2023, 300000b0
Oct 09 10:28:32.786600 osdx ntpd[365603]: INIT: Running with OpenSSL 3.0.14 4 Jun 2024, 300000e0
Oct 09 10:28:32.787471 osdx ntpd[365603]: NTSc: Using system default root certificates.
Oct 09 10:28:32.807987 osdx OSDxCLI[357286]: User 'admin' left the configuration menu.
Oct 09 10:28:32.971777 osdx OSDxCLI[357286]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---