Strong Password
Test suite to check the OSDx password strong-password level
Test Strong Password
Description
A password strength level and a strong password are configured and then attempting to configure a weak password fails.
Scenario
Step 1: Set the following configuration in DUT0 :
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+Q69hYBi7QszUYmJxxr6rSiqiBcUdaJrE= set system strong-password level 2
Note
This password has a score of 4.
Step 2: Expect a failure in the following command:
Modify the following configuration lines in DUT0 :
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+Q69hYBi7Qs7yP2YMZGc3EFsGnBhVXClQ=
Note
This password has a score of 0, which is lower than the strong-password level.
Test Password Display
Description
Check that additional information from the strong-password is displayed correctly
Scenario
Step 1: Set the following configuration in DUT0 :
set system cli configuration logging global info set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system strong-password display set system strong-password level 0
Step 2: Modify the following configuration lines in DUT0 :
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+RtUe8pzxNF6zdjpk+IdXImw5H70K2/ws=
Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:
Show output
Feb 19 17:42:20.470971 osdx systemd-journald[1662]: Runtime Journal (/run/log/journal/a4bff3775ff442739cbb447ef1abd30b) is 2.4M, max 15.3M, 12.9M free. Feb 19 17:42:20.473219 osdx systemd-journald[1662]: Received client request to rotate journal, rotating. Feb 19 17:42:20.473308 osdx systemd-journald[1662]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a4bff3775ff442739cbb447ef1abd30b. Feb 19 17:42:20.492465 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal clear'. Feb 19 17:42:21.111206 osdx osdx-coredump[68890]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 17:42:21.124286 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 17:42:21.935464 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu. Feb 19 17:42:22.065891 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system console log-level info'. Feb 19 17:42:22.214094 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system strong-password level 0'. Feb 19 17:42:22.331406 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system strong-password display'. Feb 19 17:42:22.516939 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:42:22.685026 osdx INFO[68911]: FRR daemons did not change Feb 19 17:42:22.688368 osdx modulelauncher[1297]: + Received data: ['13781', 'osdx.utils.xos', 'set_console_log_level', 'info'] Feb 19 17:42:22.729124 osdx OSDxCLI[13781]: Signal 10 received Feb 19 17:42:22.769913 osdx cfgd[1463]: [13781]Completed change to active configuration Feb 19 17:42:22.773958 osdx OSDxCLI[13781]: User 'admin' committed the configuration. Feb 19 17:42:22.810004 osdx OSDxCLI[13781]: User 'admin' left the configuration menu. Feb 19 17:42:23.051658 osdx OSDxCLI[13781]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) Feb 19 17:42:23.061768 osdx OSDxCLI[13781]: pam_unix(cli:session): session closed for user admin Feb 19 17:42:23.062512 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu. Feb 19 17:42:23.166279 osdx OSDxCLI[13781]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) Feb 19 17:42:23.166831 osdx cfgd[1463]: Execute action [syntax] for node [system ntp authentication-key 1] Feb 19 17:42:23.195530 osdx OSDxCLI[13781]: pam_unix(cli:session): session closed for user admin Feb 19 17:42:23.196043 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'. Feb 19 17:42:23.289552 osdx OSDxCLI[13781]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) Feb 19 17:42:23.300866 osdx OSDxCLI[13781]: pam_unix(cli:session): session closed for user admin Feb 19 17:42:23.301510 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show changes'. Feb 19 17:42:23.418197 osdx OSDxCLI[13781]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) Feb 19 17:42:23.439320 osdx cfgd[1463]: [13781]must validation for [system strong-password] was skipped Feb 19 17:42:23.439423 osdx cfgd[1463]: [13781]must validation for [system login user admin role] was skipped Feb 19 17:42:23.481530 osdx WARNING[68937]: Short keyboard patterns are easy to guess. Feb 19 17:42:23.481803 osdx INFO[68937]: Suggestions: Feb 19 17:42:23.482493 osdx INFO[68937]: Add another word or two. Uncommon words are better. Feb 19 17:42:23.482560 osdx INFO[68937]: Use a longer keyboard pattern with more turns. Feb 19 17:42:23.482633 osdx INFO[68937]: Crack times (passwords per time): Feb 19 17:42:23.482687 osdx INFO[68937]: 100 per hour: centuries Feb 19 17:42:23.482744 osdx INFO[68937]: 10 per second: 3 months Feb 19 17:42:23.482838 osdx INFO[68937]: 10.000 per second: 3 hours Feb 19 17:42:23.482879 osdx INFO[68937]: 10.000.000.000 per second: less than a second Feb 19 17:42:23.498000 osdx INFO[68939]: FRR daemons did not change Feb 19 17:42:23.505822 osdx cfgd[1463]: Execute action [end] for node [system ntp] Feb 19 17:42:23.574015 osdx systemd[1]: Starting ntpsec.service - Network Time Service... Feb 19 17:42:23.583775 osdx ntpd[68946]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting Feb 19 17:42:23.584162 osdx ntp-systemd-wrapper[68946]: 2025-02-19T17:42:23 ntpd[68946]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting Feb 19 17:42:23.584246 osdx ntpd[68946]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec Feb 19 17:42:23.584323 osdx ntp-systemd-wrapper[68946]: 2025-02-19T17:42:23 ntpd[68946]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec Feb 19 17:42:23.587855 osdx cfgd[1463]: [13781]Completed change to active configuration Feb 19 17:42:23.585605 osdx systemd[1]: Started ntpsec.service - Network Time Service. Feb 19 17:42:23.590242 osdx ntpd[68948]: INIT: precision = 0.069 usec (-24) Feb 19 17:42:23.591158 osdx ntpd[68948]: INIT: successfully locked into RAM Feb 19 17:42:23.591183 osdx ntpd[68948]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf Feb 19 17:42:23.591234 osdx ntpd[68948]: AUTH: authreadkeys: reading /etc/ntp.keys Feb 19 17:42:23.591534 osdx ntpd[68948]: AUTH: authreadkeys: added 1 keys Feb 19 17:42:23.591596 osdx ntpd[68948]: INIT: Using SO_TIMESTAMPNS(ns) Feb 19 17:42:23.591616 osdx ntpd[68948]: IO: Listen and drop on 0 v6wildcard [::]:123 Feb 19 17:42:23.591636 osdx ntpd[68948]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123 Feb 19 17:42:23.592441 osdx ntpd[68948]: IO: Listen normally on 2 lo 127.0.0.1:123 Feb 19 17:42:23.592468 osdx ntpd[68948]: IO: Listen normally on 3 lo [::1]:123 Feb 19 17:42:23.592504 osdx ntpd[68948]: IO: Listening on routing socket on fd #20 for interface updates Feb 19 17:42:23.592513 osdx ntpd[68948]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes Feb 19 17:42:23.592604 osdx ntpd[68948]: INIT: Built with OpenSSL 3.0.11 19 Sep 2023, 300000b0 Feb 19 17:42:23.592609 osdx ntpd[68948]: INIT: Running with OpenSSL 3.0.14 4 Jun 2024, 300000e0 Feb 19 17:42:23.593518 osdx ntpd[68948]: NTSc: Using system default root certificates. Feb 19 17:42:23.598718 osdx OSDxCLI[13781]: pam_unix(cli:session): session closed for user admin Feb 19 17:42:23.599390 osdx OSDxCLI[13781]: User 'admin' committed the configuration. Feb 19 17:42:23.647929 osdx OSDxCLI[13781]: User 'admin' left the configuration menu. Feb 19 17:42:23.877619 osdx OSDxCLI[13781]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)