Strong Password
Test suite to check the OSDx password strong-password level
Test Strong Password
Description
A password strength level and a strong password are configured and then attempting to configure a weak password fails.
Scenario
Step 1: Set the following configuration in DUT0 :
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system ntp authentication-key 1 encrypted-key U2FsdGVkX19xxVRgeOC6x8JiqC1b5P7T/VkEhvgvXDg= set system strong-password level 2
Note
This password has a score of 4.
Step 2: Expect a failure in the following command:
Modify the following configuration lines in DUT0 :
set system ntp authentication-key 1 encrypted-key U2FsdGVkX19xxVRgeOC6x3+WExd4tkBkOQETdxR6C9Y=
Note
This password has a score of 0, which is lower than the strong-password level.
Test Password Display
Description
Check that additional information from the strong-password is displayed correctly
Scenario
Step 1: Set the following configuration in DUT0 :
set system cli configuration logging global info set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system strong-password display set system strong-password level 0
Step 2: Modify the following configuration lines in DUT0 :
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1/p5GhNq69y5GIDyoF1NNlygRc1o1uESp8=
Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:
Show output
Mar 18 13:50:23.427871 osdx systemd-journald[1661]: Runtime Journal (/run/log/journal/7658cc7836d34fbaba4948b42da24d1a) is 2.3M, max 15.3M, 12.9M free. Mar 18 13:50:23.428711 osdx systemd-journald[1661]: Received client request to rotate journal, rotating. Mar 18 13:50:23.428776 osdx systemd-journald[1661]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7658cc7836d34fbaba4948b42da24d1a. Mar 18 13:50:23.446657 osdx OSDxCLI[4876]: User 'admin' executed a new command: 'system journal clear'. Mar 18 13:50:23.954401 osdx osdx-coredump[11503]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 18 13:50:23.965735 osdx OSDxCLI[4876]: User 'admin' executed a new command: 'system coredump delete all'. Mar 18 13:50:24.685619 osdx OSDxCLI[4876]: User 'admin' entered the configuration menu. Mar 18 13:50:24.802582 osdx OSDxCLI[4876]: User 'admin' added a new cfg line: 'set system console log-level info'. Mar 18 13:50:24.904162 osdx OSDxCLI[4876]: User 'admin' added a new cfg line: 'set system strong-password level 0'. Mar 18 13:50:25.046868 osdx OSDxCLI[4876]: User 'admin' added a new cfg line: 'set system strong-password display'. Mar 18 13:50:25.197029 osdx OSDxCLI[4876]: User 'admin' added a new cfg line: 'show working'. Mar 18 13:50:25.330011 osdx INFO[11524]: FRR daemons did not change Mar 18 13:50:25.331301 osdx modulelauncher[1295]: + Received data: ['4876', 'osdx.utils.xos', 'set_console_log_level', 'info'] Mar 18 13:50:25.361510 osdx OSDxCLI[4876]: Signal 10 received Mar 18 13:50:25.379556 osdx cfgd[1459]: [4876]Completed change to active configuration Mar 18 13:50:25.382151 osdx OSDxCLI[4876]: User 'admin' committed the configuration. Mar 18 13:50:25.410026 osdx OSDxCLI[4876]: User 'admin' left the configuration menu. Mar 18 13:50:25.627476 osdx OSDxCLI[4876]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) Mar 18 13:50:25.628133 osdx OSDxCLI[4876]: pam_unix(cli:session): session closed for user admin Mar 18 13:50:25.628404 osdx OSDxCLI[4876]: User 'admin' entered the configuration menu. Mar 18 13:50:25.732973 osdx OSDxCLI[4876]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) Mar 18 13:50:25.733355 osdx cfgd[1459]: Execute action [syntax] for node [system ntp authentication-key 1] Mar 18 13:50:25.750860 osdx OSDxCLI[4876]: pam_unix(cli:session): session closed for user admin Mar 18 13:50:25.751188 osdx OSDxCLI[4876]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'. Mar 18 13:50:25.856417 osdx OSDxCLI[4876]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) Mar 18 13:50:25.864232 osdx OSDxCLI[4876]: pam_unix(cli:session): session closed for user admin Mar 18 13:50:25.864603 osdx OSDxCLI[4876]: User 'admin' added a new cfg line: 'show changes'. Mar 18 13:50:25.977454 osdx OSDxCLI[4876]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) Mar 18 13:50:25.986832 osdx cfgd[1459]: [4876]must validation for [system strong-password] was skipped Mar 18 13:50:25.986964 osdx cfgd[1459]: [4876]must validation for [system login user admin role] was skipped Mar 18 13:50:26.013654 osdx WARNING[11550]: Short keyboard patterns are easy to guess. Mar 18 13:50:26.013731 osdx INFO[11550]: Suggestions: Mar 18 13:50:26.013821 osdx INFO[11550]: Add another word or two. Uncommon words are better. Mar 18 13:50:26.013883 osdx INFO[11550]: Use a longer keyboard pattern with more turns. Mar 18 13:50:26.013950 osdx INFO[11550]: Crack times (passwords per time): Mar 18 13:50:26.013991 osdx INFO[11550]: 100 per hour: centuries Mar 18 13:50:26.014033 osdx INFO[11550]: 10 per second: 3 months Mar 18 13:50:26.014122 osdx INFO[11550]: 10.000 per second: 3 hours Mar 18 13:50:26.014177 osdx INFO[11550]: 10.000.000.000 per second: less than a second Mar 18 13:50:26.021072 osdx INFO[11552]: FRR daemons did not change Mar 18 13:50:26.021614 osdx cfgd[1459]: Execute action [end] for node [system ntp] Mar 18 13:50:26.072425 osdx systemd[1]: Starting ntpsec.service - Network Time Service... Mar 18 13:50:26.079746 osdx ntpd[11559]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting Mar 18 13:50:26.080060 osdx ntp-systemd-wrapper[11559]: 2025-03-18T13:50:26 ntpd[11559]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting Mar 18 13:50:26.080121 osdx ntpd[11559]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec Mar 18 13:50:26.080187 osdx ntp-systemd-wrapper[11559]: 2025-03-18T13:50:26 ntpd[11559]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec Mar 18 13:50:26.081034 osdx systemd[1]: Started ntpsec.service - Network Time Service. Mar 18 13:50:26.082367 osdx cfgd[1459]: [4876]Completed change to active configuration Mar 18 13:50:26.084342 osdx ntpd[11561]: INIT: precision = 0.053 usec (-24) Mar 18 13:50:26.084976 osdx ntpd[11561]: INIT: successfully locked into RAM Mar 18 13:50:26.084993 osdx ntpd[11561]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf Mar 18 13:50:26.084994 osdx OSDxCLI[4876]: pam_unix(cli:session): session closed for user admin Mar 18 13:50:26.085038 osdx ntpd[11561]: AUTH: authreadkeys: reading /etc/ntp.keys Mar 18 13:50:26.085295 osdx OSDxCLI[4876]: User 'admin' committed the configuration. Mar 18 13:50:26.085315 osdx ntpd[11561]: AUTH: authreadkeys: added 1 keys Mar 18 13:50:26.085608 osdx ntpd[11561]: INIT: Using SO_TIMESTAMPNS(ns) Mar 18 13:50:26.085633 osdx ntpd[11561]: IO: Listen and drop on 0 v6wildcard [::]:123 Mar 18 13:50:26.085654 osdx ntpd[11561]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123 Mar 18 13:50:26.086415 osdx ntpd[11561]: IO: Listen normally on 2 lo 127.0.0.1:123 Mar 18 13:50:26.086441 osdx ntpd[11561]: IO: Listen normally on 3 lo [::1]:123 Mar 18 13:50:26.086471 osdx ntpd[11561]: IO: Listening on routing socket on fd #20 for interface updates Mar 18 13:50:26.086480 osdx ntpd[11561]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes Mar 18 13:50:26.086558 osdx ntpd[11561]: INIT: Built with OpenSSL 3.0.11 19 Sep 2023, 300000b0 Mar 18 13:50:26.086563 osdx ntpd[11561]: INIT: Running with OpenSSL 3.0.14 4 Jun 2024, 300000e0 Mar 18 13:50:26.087441 osdx ntpd[11561]: NTSc: Using system default root certificates. Mar 18 13:50:26.111668 osdx OSDxCLI[4876]: User 'admin' left the configuration menu. Mar 18 13:50:26.272936 osdx OSDxCLI[4876]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)