Strong Password
Test suite to check the OSDx password strong-password level
Test Strong Password
Description
A password strength level and a strong password are configured and then attempting to configure a weak password fails.
Scenario
Step 1: Set the following configuration in DUT0 :
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system ntp authentication-key 1 encrypted-key U2FsdGVkX19Hs9EYC6kQD/levw7vwhihtF1b7mOGziY= set system strong-password level 2
Note
This password has a score of 4.
Step 2: Expect a failure in the following command:
Modify the following configuration lines in DUT0 :
set system ntp authentication-key 1 encrypted-key U2FsdGVkX19Hs9EYC6kQDzK4BKYRHwp+q2IB9sc+lG8=
Note
This password has a score of 0, which is lower than the strong-password level.
Test Password Display
Description
Check that additional information from the strong-password is displayed correctly
Scenario
Step 1: Set the following configuration in DUT0 :
set system cli configuration logging global info set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system strong-password display set system strong-password level 0
Step 2: Modify the following configuration lines in DUT0 :
set system ntp authentication-key 1 encrypted-key U2FsdGVkX18+a/5Y1nBWPg7unq762PuRplAt9nR6mJQ=
Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:
Show output
May 26 10:42:02.330341 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/667813271fde4661bfa43dd3fe9abe5e) is 2.3M, max 15.3M, 13.0M free. May 26 10:42:02.332757 osdx systemd-journald[1847]: Received client request to rotate journal, rotating. May 26 10:42:02.332839 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/667813271fde4661bfa43dd3fe9abe5e. May 26 10:42:02.344114 osdx OSDxCLI[26431]: User 'admin' executed a new command: 'system journal clear'. May 26 10:42:02.754892 osdx osdx-coredump[27705]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 26 10:42:02.762857 osdx OSDxCLI[26431]: User 'admin' executed a new command: 'system coredump delete all'. May 26 10:42:03.232458 osdx OSDxCLI[26431]: User 'admin' entered the configuration menu. May 26 10:42:03.291754 osdx OSDxCLI[26431]: User 'admin' added a new cfg line: 'set system console log-level info'. May 26 10:42:03.390196 osdx OSDxCLI[26431]: User 'admin' added a new cfg line: 'set system strong-password level 0'. May 26 10:42:03.449034 osdx OSDxCLI[26431]: User 'admin' added a new cfg line: 'set system strong-password display'. May 26 10:42:03.559751 osdx OSDxCLI[26431]: User 'admin' added a new cfg line: 'show working'. May 26 10:42:03.627240 osdx INFO[27722]: FRR daemons did not change May 26 10:42:03.628372 osdx modulelauncher[1485]: + Received data: ['26431', 'osdx.utils.xos', 'set_console_log_level', 'info'] May 26 10:42:03.647180 osdx OSDxCLI[26431]: Signal 10 received May 26 10:42:03.658504 osdx cfgd[1651]: [26431]Completed change to active configuration May 26 10:42:03.660310 osdx OSDxCLI[26431]: User 'admin' committed the configuration. May 26 10:42:03.700200 osdx OSDxCLI[26431]: User 'admin' left the configuration menu. May 26 10:42:03.899321 osdx OSDxCLI[26431]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) May 26 10:42:03.899826 osdx OSDxCLI[26431]: pam_unix(cli:session): session closed for user admin May 26 10:42:03.900074 osdx OSDxCLI[26431]: User 'admin' entered the configuration menu. May 26 10:42:03.965682 osdx OSDxCLI[26431]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) May 26 10:42:03.965961 osdx cfgd[1651]: Execute action [syntax] for node [system ntp authentication-key 1] May 26 10:42:03.977661 osdx OSDxCLI[26431]: pam_unix(cli:session): session closed for user admin May 26 10:42:03.977914 osdx OSDxCLI[26431]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'. May 26 10:42:04.063202 osdx OSDxCLI[26431]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) May 26 10:42:04.067920 osdx OSDxCLI[26431]: pam_unix(cli:session): session closed for user admin May 26 10:42:04.068105 osdx OSDxCLI[26431]: User 'admin' added a new cfg line: 'show changes'. May 26 10:42:04.145546 osdx OSDxCLI[26431]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) May 26 10:42:04.150099 osdx cfgd[1651]: [26431]must validation for [system strong-password] was skipped May 26 10:42:04.150152 osdx cfgd[1651]: [26431]must validation for [system login user admin role] was skipped May 26 10:42:04.162052 osdx WARNING[27748]: Short keyboard patterns are easy to guess. May 26 10:42:04.162296 osdx INFO[27748]: Suggestions: May 26 10:42:04.162358 osdx INFO[27748]: Add another word or two. Uncommon words are better. May 26 10:42:04.162406 osdx INFO[27748]: Use a longer keyboard pattern with more turns. May 26 10:42:04.162449 osdx INFO[27748]: Crack times (passwords per time): May 26 10:42:04.162494 osdx INFO[27748]: 100 per hour: centuries May 26 10:42:04.162538 osdx INFO[27748]: 10 per second: 3 months May 26 10:42:04.162611 osdx INFO[27748]: 10.000 per second: 3 hours May 26 10:42:04.162654 osdx INFO[27748]: 10.000.000.000 per second: less than a second May 26 10:42:04.167056 osdx INFO[27750]: FRR daemons did not change May 26 10:42:04.167212 osdx cfgd[1651]: Execute action [end] for node [system ntp] May 26 10:42:04.200978 osdx systemd[1]: Starting ntpsec.service - Network Time Service... May 26 10:42:04.206201 osdx ntpd[27757]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting May 26 10:42:04.206215 osdx ntpd[27757]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec May 26 10:42:04.206408 osdx ntp-systemd-wrapper[27757]: 2025-05-26T10:42:04 ntpd[27757]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting May 26 10:42:04.206408 osdx ntp-systemd-wrapper[27757]: 2025-05-26T10:42:04 ntpd[27757]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec May 26 10:42:04.206672 osdx systemd[1]: Started ntpsec.service - Network Time Service. May 26 10:42:04.208200 osdx cfgd[1651]: [26431]Completed change to active configuration May 26 10:42:04.209624 osdx OSDxCLI[26431]: pam_unix(cli:session): session closed for user admin May 26 10:42:04.209838 osdx OSDxCLI[26431]: User 'admin' committed the configuration. May 26 10:42:04.210040 osdx ntpd[27759]: INIT: precision = 0.070 usec (-24) May 26 10:42:04.210494 osdx ntpd[27759]: INIT: successfully locked into RAM May 26 10:42:04.210509 osdx ntpd[27759]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf May 26 10:42:04.210539 osdx ntpd[27759]: AUTH: authreadkeys: reading /etc/ntp.keys May 26 10:42:04.210667 osdx ntpd[27759]: AUTH: authreadkeys: added 1 keys May 26 10:42:04.210705 osdx ntpd[27759]: INIT: Using SO_TIMESTAMPNS(ns) May 26 10:42:04.210718 osdx ntpd[27759]: IO: Listen and drop on 0 v6wildcard [::]:123 May 26 10:42:04.210729 osdx ntpd[27759]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123 May 26 10:42:04.211123 osdx ntpd[27759]: IO: Listen normally on 2 lo 127.0.0.1:123 May 26 10:42:04.211152 osdx ntpd[27759]: IO: Listen normally on 3 lo [::1]:123 May 26 10:42:04.211176 osdx ntpd[27759]: IO: Listening on routing socket on fd #20 for interface updates May 26 10:42:04.211186 osdx ntpd[27759]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes May 26 10:42:04.211245 osdx ntpd[27759]: INIT: Built with OpenSSL 3.0.11 19 Sep 2023, 300000b0 May 26 10:42:04.211252 osdx ntpd[27759]: INIT: Running with OpenSSL 3.0.14 4 Jun 2024, 300000e0 May 26 10:42:04.211839 osdx ntpd[27759]: NTSc: Using system default root certificates. May 26 10:42:04.226410 osdx OSDxCLI[26431]: User 'admin' left the configuration menu. May 26 10:42:04.372731 osdx OSDxCLI[26431]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)