Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+TnEJMnavItHZjc8pKjVedxxUXH7eQLGk=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0:

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+TnEJMnavItFRDw8xQPUqvcDMcNGU/M8U=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0:

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0:

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1/6D9Qi3JG2Na4Lv/QRIvJbZPjyhKwuCc8=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

May 11 21:37:37.630721 osdx systemd-journald[118835]: Runtime Journal (/run/log/journal/f55f446d40464b198e70fbabb9c21674) is 2.4M, max 15.3M, 12.9M free.
May 11 21:37:37.631677 osdx systemd-journald[118835]: Received client request to rotate journal, rotating.
May 11 21:37:37.631747 osdx systemd-journald[118835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f55f446d40464b198e70fbabb9c21674.
May 11 21:37:37.652925 osdx OSDxCLI[118665]: User 'admin' executed a new command: 'system journal clear'.
May 11 21:37:38.253829 osdx osdx-coredump[121527]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 11 21:37:38.268215 osdx OSDxCLI[118665]: User 'admin' executed a new command: 'system coredump delete all'.
May 11 21:37:39.056337 osdx OSDxCLI[118665]: User 'admin' entered the configuration menu.
May 11 21:37:39.199477 osdx OSDxCLI[118665]: User 'admin' added a new cfg line: 'set system console log-level info'.
May 11 21:37:39.331688 osdx OSDxCLI[118665]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
May 11 21:37:39.471341 osdx OSDxCLI[118665]: User 'admin' added a new cfg line: 'set system strong-password display'.
May 11 21:37:39.660589 osdx OSDxCLI[118665]: User 'admin' added a new cfg line: 'show working'.
May 11 21:37:39.839173 osdx modulelauncher[1111]: + Received data: ['118665', 'osdx.utils.xos', 'set_console_log_level', 'info']
May 11 21:37:39.868979 osdx OSDxCLI[118665]: Signal 10 received
May 11 21:37:39.887489 osdx ifmon[1143]: Changed log-level to info
May 11 21:37:39.888495 osdx cfgd[1244]: [118665]Completed change to active configuration
May 11 21:37:39.892114 osdx OSDxCLI[118665]: User 'admin' committed the configuration.
May 11 21:37:39.952602 osdx OSDxCLI[118665]: User 'admin' left the configuration menu.
May 11 21:37:40.183268 osdx OSDxCLI[118665]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
May 11 21:37:40.184178 osdx OSDxCLI[118665]: pam_unix(cli:session): session closed for user admin
May 11 21:37:40.184676 osdx OSDxCLI[118665]: User 'admin' entered the configuration menu.
May 11 21:37:40.291727 osdx OSDxCLI[118665]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
May 11 21:37:40.292299 osdx cfgd[1244]: Execute action [syntax] for node [system ntp authentication-key 1]
May 11 21:37:40.311876 osdx OSDxCLI[118665]: pam_unix(cli:session): session closed for user admin
May 11 21:37:40.312458 osdx OSDxCLI[118665]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 qwER43@!'.
May 11 21:37:40.398985 osdx OSDxCLI[118665]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
May 11 21:37:40.406295 osdx OSDxCLI[118665]: pam_unix(cli:session): session closed for user admin
May 11 21:37:40.406686 osdx OSDxCLI[118665]: User 'admin' added a new cfg line: 'show changes'.
May 11 21:37:40.520402 osdx OSDxCLI[118665]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
May 11 21:37:40.530563 osdx cfgd[1244]: [118665]must validation for [system login user admin role] was skipped
May 11 21:37:40.548086 osdx WARNING[121569]: Short keyboard patterns are easy to guess.
May 11 21:37:40.548145 osdx INFO[121569]: Suggestions:
May 11 21:37:40.548190 osdx INFO[121569]:   Add another word or two. Uncommon words are better.
May 11 21:37:40.548237 osdx INFO[121569]:   Use a longer keyboard pattern with more turns.
May 11 21:37:40.548267 osdx INFO[121569]: Crack times (passwords per time):
May 11 21:37:40.548298 osdx INFO[121569]:   100 per hour:              centuries
May 11 21:37:40.548328 osdx INFO[121569]:   10 per second:             3 months
May 11 21:37:40.548403 osdx INFO[121569]:   10.000 per second:         3 hours
May 11 21:37:40.548434 osdx INFO[121569]:   10.000.000.000 per second: less than a second
May 11 21:37:40.556146 osdx cfgd[1244]: Execute action [end] for node [system ntp]
May 11 21:37:40.611521 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
May 11 21:37:40.621855 osdx ntpd[121577]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
May 11 21:37:40.622234 osdx ntp-systemd-wrapper[121577]: 2025-05-11T21:37:40 ntpd[121577]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
May 11 21:37:40.622318 osdx ntpd[121577]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
May 11 21:37:40.622396 osdx ntp-systemd-wrapper[121577]: 2025-05-11T21:37:40 ntpd[121577]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
May 11 21:37:40.623409 osdx systemd[1]: Started ntpsec.service - Network Time Service.
May 11 21:37:40.624936 osdx cfgd[1244]: [118665]Completed change to active configuration
May 11 21:37:40.627698 osdx OSDxCLI[118665]: pam_unix(cli:session): session closed for user admin
May 11 21:37:40.628140 osdx OSDxCLI[118665]: User 'admin' committed the configuration.
May 11 21:37:40.628724 osdx ntpd[121579]: INIT: precision = 0.065 usec (-24)
May 11 21:37:40.629668 osdx ntpd[121579]: INIT: successfully locked into RAM
May 11 21:37:40.629685 osdx ntpd[121579]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
May 11 21:37:40.629723 osdx ntpd[121579]: AUTH: authreadkeys: reading /etc/ntp.keys
May 11 21:37:40.629917 osdx ntpd[121579]: AUTH: authreadkeys: added 1 keys
May 11 21:37:40.629965 osdx ntpd[121579]: INIT: Using SO_TIMESTAMPNS(ns)
May 11 21:37:40.629981 osdx ntpd[121579]: IO: Listen and drop on 0 v6wildcard [::]:123
May 11 21:37:40.629995 osdx ntpd[121579]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
May 11 21:37:40.630696 osdx ntpd[121579]: IO: Listen normally on 2 lo 127.0.0.1:123
May 11 21:37:40.630727 osdx ntpd[121579]: IO: Listen normally on 3 lo [::1]:123
May 11 21:37:40.630760 osdx ntpd[121579]: IO: Listening on routing socket on fd #20 for interface updates
May 11 21:37:40.630770 osdx ntpd[121579]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
May 11 21:37:40.630844 osdx ntpd[121579]: INIT: Built with OpenSSL 3.0.11 19 Sep 2023, 300000b0
May 11 21:37:40.630849 osdx ntpd[121579]: INIT: Running with OpenSSL 3.0.14 4 Jun 2024, 300000e0
May 11 21:37:40.631704 osdx ntpd[121579]: NTSc: Using system default root certificates.
May 11 21:37:40.657464 osdx OSDxCLI[118665]: User 'admin' left the configuration menu.
May 11 21:37:40.829353 osdx OSDxCLI[118665]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---