Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1978daOZ5hgF9NMuO0xpsWKvRal0PJGXxA=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0:

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1978daOZ5hgF3lMLbqtrYYi8+fWj6THOeM=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0:

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0:

set system ntp authentication-key 1 encrypted-key U2FsdGVkX18ctqbqg/GXomdV2orzLenGNhCMywUFerI=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Dec 04 16:54:23.294920 osdx systemd-journald[339390]: Runtime Journal (/run/log/journal/2754912ae611401eb118833e63cf0c07) is 2.3M, max 15.3M, 13.0M free.
Dec 04 16:54:23.295493 osdx systemd-journald[339390]: Received client request to rotate journal, rotating.
Dec 04 16:54:23.295537 osdx systemd-journald[339390]: Vacuuming done, freed 0B of archived journals from /run/log/journal/2754912ae611401eb118833e63cf0c07.
Dec 04 16:54:23.304763 osdx OSDxCLI[340614]: User 'admin' executed a new command: 'system journal clear'.
Dec 04 16:54:23.601767 osdx osdx-coredump[348153]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 04 16:54:23.609499 osdx OSDxCLI[340614]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 04 16:54:24.051097 osdx OSDxCLI[340614]: User 'admin' entered the configuration menu.
Dec 04 16:54:24.151503 osdx OSDxCLI[340614]: User 'admin' added a new cfg line: 'set system console log-level info'.
Dec 04 16:54:24.230061 osdx OSDxCLI[340614]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Dec 04 16:54:24.337550 osdx OSDxCLI[340614]: User 'admin' added a new cfg line: 'set system strong-password display'.
Dec 04 16:54:24.437571 osdx OSDxCLI[340614]: User 'admin' added a new cfg line: 'show working'.
Dec 04 16:54:24.546452 osdx modulelauncher[1108]: + Received data: ['340614', 'osdx.utils.xos', 'set_console_log_level', 'info']
Dec 04 16:54:24.562467 osdx OSDxCLI[340614]: Signal 10 received
Dec 04 16:54:24.571531 osdx ifmon[1140]: Changed log-level to info
Dec 04 16:54:24.572146 osdx cfgd[1239]: [340614]Completed change to active configuration
Dec 04 16:54:24.574250 osdx OSDxCLI[340614]: User 'admin' committed the configuration.
Dec 04 16:54:24.599594 osdx OSDxCLI[340614]: User 'admin' left the configuration menu.
Dec 04 16:54:24.790243 osdx OSDxCLI[340614]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Dec 04 16:54:24.790910 osdx OSDxCLI[340614]: pam_unix(cli:session): session closed for user admin
Dec 04 16:54:24.791110 osdx OSDxCLI[340614]: User 'admin' entered the configuration menu.
Dec 04 16:54:24.844528 osdx OSDxCLI[340614]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Dec 04 16:54:24.844786 osdx cfgd[1239]: Execute action [syntax] for node [system ntp authentication-key 1]
Dec 04 16:54:24.856385 osdx OSDxCLI[340614]: pam_unix(cli:session): session closed for user admin
Dec 04 16:54:24.856628 osdx OSDxCLI[340614]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 qwER43@!'.
Dec 04 16:54:24.944242 osdx OSDxCLI[340614]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Dec 04 16:54:24.948583 osdx OSDxCLI[340614]: pam_unix(cli:session): session closed for user admin
Dec 04 16:54:24.948773 osdx OSDxCLI[340614]: User 'admin' added a new cfg line: 'show changes'.
Dec 04 16:54:24.997026 osdx OSDxCLI[340614]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Dec 04 16:54:25.003380 osdx cfgd[1239]: [340614]must validation for [system login user admin role] was skipped
Dec 04 16:54:25.025194 osdx WARNING[348195]: Short keyboard patterns are easy to guess.
Dec 04 16:54:25.025240 osdx INFO[348195]: Suggestions:
Dec 04 16:54:25.025267 osdx INFO[348195]:   Add another word or two. Uncommon words are better.
Dec 04 16:54:25.025284 osdx INFO[348195]:   Use a longer keyboard pattern with more turns.
Dec 04 16:54:25.025300 osdx INFO[348195]: Crack times (passwords per time):
Dec 04 16:54:25.025315 osdx INFO[348195]:   100 per hour:              centuries
Dec 04 16:54:25.025331 osdx INFO[348195]:   10 per second:             3 months
Dec 04 16:54:25.025380 osdx INFO[348195]:   10.000 per second:         3 hours
Dec 04 16:54:25.025398 osdx INFO[348195]:   10.000.000.000 per second: less than a second
Dec 04 16:54:25.031690 osdx cfgd[1239]: Execute action [end] for node [system ntp]
Dec 04 16:54:25.083924 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Dec 04 16:54:25.099182 osdx ntpd[348203]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Dec 04 16:54:25.099238 osdx ntpd[348203]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Dec 04 16:54:25.099980 osdx ntp-systemd-wrapper[348203]: 2024-12-04T16:54:25 ntpd[348203]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Dec 04 16:54:25.099980 osdx ntp-systemd-wrapper[348203]: 2024-12-04T16:54:25 ntpd[348203]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Dec 04 16:54:25.100989 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Dec 04 16:54:25.103030 osdx cfgd[1239]: [340614]Completed change to active configuration
Dec 04 16:54:25.108574 osdx OSDxCLI[340614]: pam_unix(cli:session): session closed for user admin
Dec 04 16:54:25.109314 osdx OSDxCLI[340614]: User 'admin' committed the configuration.
Dec 04 16:54:25.111697 osdx ntpd[348205]: INIT: precision = 0.221 usec (-22)
Dec 04 16:54:25.113851 osdx ntpd[348205]: INIT: successfully locked into RAM
Dec 04 16:54:25.113883 osdx ntpd[348205]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Dec 04 16:54:25.113972 osdx ntpd[348205]: AUTH: authreadkeys: reading /etc/ntp.keys
Dec 04 16:54:25.114446 osdx ntpd[348205]: AUTH: authreadkeys: added 1 keys
Dec 04 16:54:25.114551 osdx ntpd[348205]: INIT: Using SO_TIMESTAMPNS(ns)
Dec 04 16:54:25.114580 osdx ntpd[348205]: IO: Listen and drop on 0 v6wildcard [::]:123
Dec 04 16:54:25.114615 osdx ntpd[348205]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Dec 04 16:54:25.116079 osdx ntpd[348205]: IO: Listen normally on 2 lo 127.0.0.1:123
Dec 04 16:54:25.116133 osdx ntpd[348205]: IO: Listen normally on 3 lo [::1]:123
Dec 04 16:54:25.116186 osdx ntpd[348205]: IO: Listening on routing socket on fd #20 for interface updates
Dec 04 16:54:25.116205 osdx ntpd[348205]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Dec 04 16:54:25.116361 osdx ntpd[348205]: INIT: Built with OpenSSL 3.0.11 19 Sep 2023, 300000b0
Dec 04 16:54:25.116370 osdx ntpd[348205]: INIT: Running with OpenSSL 3.0.14 4 Jun 2024, 300000e0
Dec 04 16:54:25.117899 osdx ntpd[348205]: NTSc: Using system default root certificates.
Dec 04 16:54:25.133002 osdx OSDxCLI[340614]: User 'admin' left the configuration menu.
Dec 04 16:54:25.248343 osdx OSDxCLI[340614]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---