Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+JwzC/xks7lPrx9o090UCZDgACOUGXxsI=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0:

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+JwzC/xks7lAhR5KhVeY5aYQRDBb4Z52I=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0:

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0:

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1/5+jlOdyM/wX6D54/3OA+DZR4TZQMqbOY=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Feb 03 14:45:32.414839 osdx systemd-journald[1936]: Runtime Journal (/run/log/journal/0b455e05fd8849079cae205af04c9e16) is 2.3M, max 15.3M, 12.9M free.
Feb 03 14:45:32.417585 osdx systemd-journald[1936]: Received client request to rotate journal, rotating.
Feb 03 14:45:32.417655 osdx systemd-journald[1936]: Vacuuming done, freed 0B of archived journals from /run/log/journal/0b455e05fd8849079cae205af04c9e16.
Feb 03 14:45:32.434216 osdx OSDxCLI[400402]: User 'admin' executed a new command: 'system journal clear'.
Feb 03 14:45:32.912964 osdx osdx-coredump[412133]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 03 14:45:32.927600 osdx OSDxCLI[400402]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 03 14:45:33.678916 osdx OSDxCLI[400402]: User 'admin' entered the configuration menu.
Feb 03 14:45:33.788068 osdx OSDxCLI[400402]: User 'admin' added a new cfg line: 'set system console log-level info'.
Feb 03 14:45:33.918780 osdx OSDxCLI[400402]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Feb 03 14:45:34.022600 osdx OSDxCLI[400402]: User 'admin' added a new cfg line: 'set system strong-password display'.
Feb 03 14:45:34.164165 osdx OSDxCLI[400402]: User 'admin' added a new cfg line: 'show working'.
Feb 03 14:45:34.277086 osdx INFO[412154]: FRR daemons did not change
Feb 03 14:45:34.278845 osdx modulelauncher[1475]: + Received data: ['400402', 'osdx.utils.xos', 'set_console_log_level', 'info']
Feb 03 14:45:34.305080 osdx OSDxCLI[400402]: Signal 10 received
Feb 03 14:45:34.319439 osdx ifmon[1477]: Changed log-level to info
Feb 03 14:45:34.320075 osdx cfgd[1636]: [400402]Completed change to active configuration
Feb 03 14:45:34.323420 osdx OSDxCLI[400402]: User 'admin' committed the configuration.
Feb 03 14:45:34.368914 osdx OSDxCLI[400402]: User 'admin' left the configuration menu.
Feb 03 14:45:34.595862 osdx OSDxCLI[400402]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Feb 03 14:45:34.596718 osdx OSDxCLI[400402]: pam_unix(cli:session): session closed for user admin
Feb 03 14:45:34.597321 osdx OSDxCLI[400402]: User 'admin' entered the configuration menu.
Feb 03 14:45:34.703446 osdx OSDxCLI[400402]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Feb 03 14:45:34.703890 osdx cfgd[1636]: Execute action [syntax] for node [system ntp authentication-key 1]
Feb 03 14:45:34.721778 osdx OSDxCLI[400402]: pam_unix(cli:session): session closed for user admin
Feb 03 14:45:34.722275 osdx OSDxCLI[400402]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'.
Feb 03 14:45:34.827173 osdx OSDxCLI[400402]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Feb 03 14:45:34.835130 osdx OSDxCLI[400402]: pam_unix(cli:session): session closed for user admin
Feb 03 14:45:34.835661 osdx OSDxCLI[400402]: User 'admin' added a new cfg line: 'show changes'.
Feb 03 14:45:35.019331 osdx OSDxCLI[400402]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Feb 03 14:45:35.025990 osdx cfgd[1636]: [400402]must validation for [system strong-password] was skipped
Feb 03 14:45:35.026074 osdx cfgd[1636]: [400402]must validation for [system login user admin role] was skipped
Feb 03 14:45:35.044938 osdx WARNING[412177]: Short keyboard patterns are easy to guess.
Feb 03 14:45:35.044997 osdx INFO[412177]: Suggestions:
Feb 03 14:45:35.045044 osdx INFO[412177]:   Add another word or two. Uncommon words are better.
Feb 03 14:45:35.045095 osdx INFO[412177]:   Use a longer keyboard pattern with more turns.
Feb 03 14:45:35.045127 osdx INFO[412177]: Crack times (passwords per time):
Feb 03 14:45:35.045159 osdx INFO[412177]:   100 per hour:              centuries
Feb 03 14:45:35.045190 osdx INFO[412177]:   10 per second:             3 months
Feb 03 14:45:35.045273 osdx INFO[412177]:   10.000 per second:         3 hours
Feb 03 14:45:35.045306 osdx INFO[412177]:   10.000.000.000 per second: less than a second
Feb 03 14:45:35.052076 osdx INFO[412179]: FRR daemons did not change
Feb 03 14:45:35.052646 osdx cfgd[1636]: Execute action [end] for node [system ntp]
Feb 03 14:45:35.094143 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Feb 03 14:45:35.102368 osdx ntpd[412186]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Feb 03 14:45:35.102705 osdx ntp-systemd-wrapper[412186]: 2025-02-03T14:45:35 ntpd[412186]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Feb 03 14:45:35.102783 osdx ntpd[412186]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Feb 03 14:45:35.102861 osdx ntp-systemd-wrapper[412186]: 2025-02-03T14:45:35 ntpd[412186]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Feb 03 14:45:35.103831 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Feb 03 14:45:35.104953 osdx cfgd[1636]: [400402]Completed change to active configuration
Feb 03 14:45:35.107560 osdx OSDxCLI[400402]: pam_unix(cli:session): session closed for user admin
Feb 03 14:45:35.107907 osdx OSDxCLI[400402]: User 'admin' committed the configuration.
Feb 03 14:45:35.108745 osdx ntpd[412188]: INIT: precision = 0.084 usec (-23)
Feb 03 14:45:35.109660 osdx ntpd[412188]: INIT: successfully locked into RAM
Feb 03 14:45:35.109684 osdx ntpd[412188]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Feb 03 14:45:35.109741 osdx ntpd[412188]: AUTH: authreadkeys: reading /etc/ntp.keys
Feb 03 14:45:35.110035 osdx ntpd[412188]: AUTH: authreadkeys: added 1 keys
Feb 03 14:45:35.110095 osdx ntpd[412188]: INIT: Using SO_TIMESTAMPNS(ns)
Feb 03 14:45:35.110114 osdx ntpd[412188]: IO: Listen and drop on 0 v6wildcard [::]:123
Feb 03 14:45:35.110132 osdx ntpd[412188]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Feb 03 14:45:35.110931 osdx ntpd[412188]: IO: Listen normally on 2 lo 127.0.0.1:123
Feb 03 14:45:35.110960 osdx ntpd[412188]: IO: Listen normally on 3 lo [::1]:123
Feb 03 14:45:35.110992 osdx ntpd[412188]: IO: Listening on routing socket on fd #20 for interface updates
Feb 03 14:45:35.111001 osdx ntpd[412188]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Feb 03 14:45:35.111073 osdx ntpd[412188]: INIT: Built with OpenSSL 3.0.11 19 Sep 2023, 300000b0
Feb 03 14:45:35.111078 osdx ntpd[412188]: INIT: Running with OpenSSL 3.0.14 4 Jun 2024, 300000e0
Feb 03 14:45:35.111959 osdx ntpd[412188]: NTSc: Using system default root certificates.
Feb 03 14:45:35.135147 osdx OSDxCLI[400402]: User 'admin' left the configuration menu.
Feb 03 14:45:35.308369 osdx OSDxCLI[400402]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---