Strong Password
Test suite to check the OSDx password strong-password level
Test Strong Password
Description
A password strength level and a strong password are configured and then attempting to configure a weak password fails.
Scenario
Step 1: Set the following configuration in DUT0:
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+vCvAK2U+gF2VupMsApg4IxqpxwQqjy34= set system strong-password level 2
Note
This password has a score of 4.
Step 2: Expect a failure in the following command:
Modify the following configuration lines in DUT0:
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+vCvAK2U+gFwqEFA7qezYyPYVhqLQq8mg=
Note
This password has a score of 0, which is lower than the strong-password level.
Test Password Display
Description
Check that additional information from the strong-password is displayed correctly
Scenario
Step 1: Set the following configuration in DUT0:
set system cli configuration logging global info set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system strong-password display set system strong-password level 0
Step 2: Modify the following configuration lines in DUT0:
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+UlHM8tTZ+2LJd/RzglbkrsPg6RwlOMdE=
Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:
Show output
Oct 07 11:26:54.295716 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.3M, max 15.3M, 13.0M free. Oct 07 11:26:54.298776 osdx systemd-journald[115269]: Received client request to rotate journal, rotating. Oct 07 11:26:54.298835 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc. Oct 07 11:26:54.307580 osdx OSDxCLI[173468]: User 'admin' executed a new command: 'system journal clear'. Oct 07 11:26:54.661603 osdx osdx-coredump[197197]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 07 11:26:54.669289 osdx OSDxCLI[173468]: User 'admin' executed a new command: 'system coredump delete all'. Oct 07 11:26:55.166288 osdx OSDxCLI[173468]: User 'admin' entered the configuration menu. Oct 07 11:26:55.268176 osdx OSDxCLI[173468]: User 'admin' added a new cfg line: 'set system console log-level info'. Oct 07 11:26:55.336656 osdx OSDxCLI[173468]: User 'admin' added a new cfg line: 'set system strong-password level 0'. Oct 07 11:26:55.433205 osdx OSDxCLI[173468]: User 'admin' added a new cfg line: 'set system strong-password display'. Oct 07 11:26:55.507349 osdx OSDxCLI[173468]: User 'admin' added a new cfg line: 'show working'. Oct 07 11:26:55.620896 osdx modulelauncher[1279]: + Received data: ['173468', 'osdx.utils.xos', 'set_console_log_level', 'info'] Oct 07 11:26:55.634473 osdx OSDxCLI[173468]: Signal 10 received Oct 07 11:26:55.643719 osdx ifmon[1281]: Changed log-level to info Oct 07 11:26:55.644164 osdx cfgd[1439]: [173468]Completed change to active configuration Oct 07 11:26:55.646560 osdx OSDxCLI[173468]: User 'admin' committed the configuration. Oct 07 11:26:55.671069 osdx OSDxCLI[173468]: User 'admin' left the configuration menu. Oct 07 11:26:55.840649 osdx OSDxCLI[173468]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) Oct 07 11:26:55.841060 osdx OSDxCLI[173468]: pam_unix(cli:session): session closed for user admin Oct 07 11:26:55.841255 osdx OSDxCLI[173468]: User 'admin' entered the configuration menu. Oct 07 11:26:55.898624 osdx OSDxCLI[173468]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) Oct 07 11:26:55.898924 osdx cfgd[1439]: Execute action [syntax] for node [system ntp authentication-key 1] Oct 07 11:26:55.910741 osdx OSDxCLI[173468]: pam_unix(cli:session): session closed for user admin Oct 07 11:26:55.910981 osdx OSDxCLI[173468]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 qwER43@!'. Oct 07 11:26:56.005689 osdx OSDxCLI[173468]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) Oct 07 11:26:56.012768 osdx OSDxCLI[173468]: pam_unix(cli:session): session closed for user admin Oct 07 11:26:56.013015 osdx OSDxCLI[173468]: User 'admin' added a new cfg line: 'show changes'. Oct 07 11:26:56.065431 osdx OSDxCLI[173468]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) Oct 07 11:26:56.071758 osdx cfgd[1439]: [173468]must validation for [system strong-password] was skipped Oct 07 11:26:56.071809 osdx cfgd[1439]: [173468]must validation for [system login user admin role] was skipped Oct 07 11:26:56.091683 osdx WARNING[197239]: Short keyboard patterns are easy to guess. Oct 07 11:26:56.091720 osdx INFO[197239]: Suggestions: Oct 07 11:26:56.091746 osdx INFO[197239]: Add another word or two. Uncommon words are better. Oct 07 11:26:56.091763 osdx INFO[197239]: Use a longer keyboard pattern with more turns. Oct 07 11:26:56.091779 osdx INFO[197239]: Crack times (passwords per time): Oct 07 11:26:56.091794 osdx INFO[197239]: 100 per hour: centuries Oct 07 11:26:56.091809 osdx INFO[197239]: 10 per second: 3 months Oct 07 11:26:56.091858 osdx INFO[197239]: 10.000 per second: 3 hours Oct 07 11:26:56.091876 osdx INFO[197239]: 10.000.000.000 per second: less than a second Oct 07 11:26:56.095709 osdx cfgd[1439]: Execute action [end] for node [system ntp] Oct 07 11:26:56.131023 osdx systemd[1]: Starting ntpsec.service - Network Time Service... Oct 07 11:26:56.138078 osdx ntpd[197247]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting Oct 07 11:26:56.138095 osdx ntpd[197247]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec Oct 07 11:26:56.138292 osdx ntp-systemd-wrapper[197247]: 2024-10-07T11:26:56 ntpd[197247]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting Oct 07 11:26:56.138292 osdx ntp-systemd-wrapper[197247]: 2024-10-07T11:26:56 ntpd[197247]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec Oct 07 11:26:56.138552 osdx systemd[1]: Started ntpsec.service - Network Time Service. Oct 07 11:26:56.139656 osdx cfgd[1439]: [173468]Completed change to active configuration Oct 07 11:26:56.141728 osdx OSDxCLI[173468]: pam_unix(cli:session): session closed for user admin Oct 07 11:26:56.142017 osdx OSDxCLI[173468]: User 'admin' committed the configuration. Oct 07 11:26:56.142579 osdx ntpd[197249]: INIT: precision = 0.125 usec (-23) Oct 07 11:26:56.143716 osdx ntpd[197249]: INIT: successfully locked into RAM Oct 07 11:26:56.143757 osdx ntpd[197249]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf Oct 07 11:26:56.143857 osdx ntpd[197249]: AUTH: authreadkeys: reading /etc/ntp.keys Oct 07 11:26:56.144375 osdx ntpd[197249]: AUTH: authreadkeys: added 1 keys Oct 07 11:26:56.144486 osdx ntpd[197249]: INIT: Using SO_TIMESTAMPNS(ns) Oct 07 11:26:56.144522 osdx ntpd[197249]: IO: Listen and drop on 0 v6wildcard [::]:123 Oct 07 11:26:56.144556 osdx ntpd[197249]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123 Oct 07 11:26:56.145985 osdx ntpd[197249]: IO: Listen normally on 2 lo 127.0.0.1:123 Oct 07 11:26:56.146036 osdx ntpd[197249]: IO: Listen normally on 3 lo [::1]:123 Oct 07 11:26:56.146082 osdx ntpd[197249]: IO: Listening on routing socket on fd #20 for interface updates Oct 07 11:26:56.146099 osdx ntpd[197249]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes Oct 07 11:26:56.146237 osdx ntpd[197249]: INIT: Built with OpenSSL 3.0.11 19 Sep 2023, 300000b0 Oct 07 11:26:56.146248 osdx ntpd[197249]: INIT: Running with OpenSSL 3.0.14 4 Jun 2024, 300000e0 Oct 07 11:26:56.147789 osdx ntpd[197249]: NTSc: Using system default root certificates. Oct 07 11:26:56.171258 osdx OSDxCLI[173468]: User 'admin' left the configuration menu. Oct 07 11:26:56.281452 osdx OSDxCLI[173468]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)