Strong Password
Test suite to check the OSDx password strong-password level
Test Strong Password
Description
A password strength level and a strong password are configured and then attempting to configure a weak password fails.
Scenario
Step 1: Set the following configuration in DUT0 :
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system ntp authentication-key 1 encrypted-key U2FsdGVkX19Up5sMyDFm2N8jgb/FT0MEg+Qpc5RcUQg= set system strong-password level 2
Note
This password has a score of 4.
Step 2: Expect a failure in the following command:
Modify the following configuration lines in DUT0 :
set system ntp authentication-key 1 encrypted-key U2FsdGVkX19Up5sMyDFm2O/cd9WRnIX7STerltdypKY=
Note
This password has a score of 0, which is lower than the strong-password level.
Test Password Display
Description
Check that additional information from the strong-password is displayed correctly
Scenario
Step 1: Set the following configuration in DUT0 :
set system cli configuration logging global info set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system strong-password display set system strong-password level 0
Step 2: Modify the following configuration lines in DUT0 :
set system ntp authentication-key 1 encrypted-key U2FsdGVkX199Dj14TMg0WNqqOqwDzIgiu/XMpJm+mpM=
Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:
Show output
Jan 10 14:57:35.291827 osdx systemd-journald[24675]: Runtime Journal (/run/log/journal/dd2bda757d8d4ac3988ff4b660081a06) is 2.3M, max 15.3M, 13.0M free. Jan 10 14:57:35.294631 osdx systemd-journald[24675]: Received client request to rotate journal, rotating. Jan 10 14:57:35.294702 osdx systemd-journald[24675]: Vacuuming done, freed 0B of archived journals from /run/log/journal/dd2bda757d8d4ac3988ff4b660081a06. Jan 10 14:57:35.304400 osdx OSDxCLI[26131]: User 'admin' executed a new command: 'system journal clear'. Jan 10 14:57:35.628974 osdx osdx-coredump[47699]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jan 10 14:57:35.638497 osdx OSDxCLI[26131]: User 'admin' executed a new command: 'system coredump delete all'. Jan 10 14:57:36.080522 osdx OSDxCLI[26131]: User 'admin' entered the configuration menu. Jan 10 14:57:36.138954 osdx OSDxCLI[26131]: User 'admin' added a new cfg line: 'set system console log-level info'. Jan 10 14:57:36.233647 osdx OSDxCLI[26131]: User 'admin' added a new cfg line: 'set system strong-password level 0'. Jan 10 14:57:36.287323 osdx OSDxCLI[26131]: User 'admin' added a new cfg line: 'set system strong-password display'. Jan 10 14:57:36.394398 osdx OSDxCLI[26131]: User 'admin' added a new cfg line: 'show working'. Jan 10 14:57:36.457749 osdx INFO[47720]: FRR daemons did not change Jan 10 14:57:36.459225 osdx modulelauncher[1289]: + Received data: ['26131', 'osdx.utils.xos', 'set_console_log_level', 'info'] Jan 10 14:57:36.482293 osdx OSDxCLI[26131]: Signal 10 received Jan 10 14:57:36.494348 osdx cfgd[1453]: [26131]Completed change to active configuration Jan 10 14:57:36.496380 osdx OSDxCLI[26131]: User 'admin' committed the configuration. Jan 10 14:57:36.512951 osdx OSDxCLI[26131]: User 'admin' left the configuration menu. Jan 10 14:57:36.674959 osdx OSDxCLI[26131]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) Jan 10 14:57:36.675466 osdx OSDxCLI[26131]: pam_unix(cli:session): session closed for user admin Jan 10 14:57:36.675787 osdx OSDxCLI[26131]: User 'admin' entered the configuration menu. Jan 10 14:57:36.732182 osdx OSDxCLI[26131]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) Jan 10 14:57:36.732621 osdx cfgd[1453]: Execute action [syntax] for node [system ntp authentication-key 1] Jan 10 14:57:36.744645 osdx OSDxCLI[26131]: pam_unix(cli:session): session closed for user admin Jan 10 14:57:36.744850 osdx OSDxCLI[26131]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'. Jan 10 14:57:36.823821 osdx OSDxCLI[26131]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) Jan 10 14:57:36.828577 osdx OSDxCLI[26131]: pam_unix(cli:session): session closed for user admin Jan 10 14:57:36.828776 osdx OSDxCLI[26131]: User 'admin' added a new cfg line: 'show changes'. Jan 10 14:57:36.879553 osdx OSDxCLI[26131]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) Jan 10 14:57:36.883965 osdx cfgd[1453]: [26131]must validation for [system strong-password] was skipped Jan 10 14:57:36.884055 osdx cfgd[1453]: [26131]must validation for [system login user admin role] was skipped Jan 10 14:57:36.895747 osdx WARNING[47746]: Short keyboard patterns are easy to guess. Jan 10 14:57:36.895784 osdx INFO[47746]: Suggestions: Jan 10 14:57:36.895811 osdx INFO[47746]: Add another word or two. Uncommon words are better. Jan 10 14:57:36.895829 osdx INFO[47746]: Use a longer keyboard pattern with more turns. Jan 10 14:57:36.895844 osdx INFO[47746]: Crack times (passwords per time): Jan 10 14:57:36.895861 osdx INFO[47746]: 100 per hour: centuries Jan 10 14:57:36.895880 osdx INFO[47746]: 10 per second: 3 months Jan 10 14:57:36.895922 osdx INFO[47746]: 10.000 per second: 3 hours Jan 10 14:57:36.895942 osdx INFO[47746]: 10.000.000.000 per second: less than a second Jan 10 14:57:36.900374 osdx INFO[47748]: FRR daemons did not change Jan 10 14:57:36.900690 osdx cfgd[1453]: Execute action [end] for node [system ntp] Jan 10 14:57:36.942823 osdx systemd[1]: Starting ntpsec.service - Network Time Service... Jan 10 14:57:36.948132 osdx ntpd[47755]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting Jan 10 14:57:36.948331 osdx ntp-systemd-wrapper[47755]: 2025-01-10T14:57:36 ntpd[47755]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting Jan 10 14:57:36.948370 osdx ntpd[47755]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec Jan 10 14:57:36.948403 osdx ntp-systemd-wrapper[47755]: 2025-01-10T14:57:36 ntpd[47755]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec Jan 10 14:57:36.948917 osdx systemd[1]: Started ntpsec.service - Network Time Service. Jan 10 14:57:36.949763 osdx cfgd[1453]: [26131]Completed change to active configuration Jan 10 14:57:36.951432 osdx OSDxCLI[26131]: pam_unix(cli:session): session closed for user admin Jan 10 14:57:36.951722 osdx OSDxCLI[26131]: User 'admin' committed the configuration. Jan 10 14:57:36.951966 osdx ntpd[47757]: INIT: precision = 0.057 usec (-24) Jan 10 14:57:36.952410 osdx ntpd[47757]: INIT: successfully locked into RAM Jan 10 14:57:36.952419 osdx ntpd[47757]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf Jan 10 14:57:36.952446 osdx ntpd[47757]: AUTH: authreadkeys: reading /etc/ntp.keys Jan 10 14:57:36.952571 osdx ntpd[47757]: AUTH: authreadkeys: added 1 keys Jan 10 14:57:36.952606 osdx ntpd[47757]: INIT: Using SO_TIMESTAMPNS(ns) Jan 10 14:57:36.952620 osdx ntpd[47757]: IO: Listen and drop on 0 v6wildcard [::]:123 Jan 10 14:57:36.952631 osdx ntpd[47757]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123 Jan 10 14:57:36.952941 osdx ntpd[47757]: IO: Listen normally on 2 lo 127.0.0.1:123 Jan 10 14:57:36.952954 osdx ntpd[47757]: IO: Listen normally on 3 lo [::1]:123 Jan 10 14:57:36.952969 osdx ntpd[47757]: IO: Listening on routing socket on fd #20 for interface updates Jan 10 14:57:36.952978 osdx ntpd[47757]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes Jan 10 14:57:36.953024 osdx ntpd[47757]: INIT: Built with OpenSSL 3.0.11 19 Sep 2023, 300000b0 Jan 10 14:57:36.953026 osdx ntpd[47757]: INIT: Running with OpenSSL 3.0.14 4 Jun 2024, 300000e0 Jan 10 14:57:36.953395 osdx ntpd[47757]: NTSc: Using system default root certificates. Jan 10 14:57:36.969106 osdx OSDxCLI[26131]: User 'admin' left the configuration menu. Jan 10 14:57:37.089106 osdx OSDxCLI[26131]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)