Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX18MBX1uFxhELw2wSKz8POmeBZXp1r2lfDo=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX18MBX1uFxhEL++9GLLn241+y3kacEkJqsA=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0 :

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+Bw+vjVT4bSARmauctqmUtEYuJnYWfpLA=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Feb 19 19:44:17.548748 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.3M, max 15.3M, 12.9M free.
Feb 19 19:44:17.554626 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 19:44:17.554709 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 19:44:17.581656 osdx OSDxCLI[411906]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:44:18.350467 osdx osdx-coredump[421181]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:44:18.367006 osdx OSDxCLI[411906]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:44:19.359302 osdx OSDxCLI[411906]: User 'admin' entered the configuration menu.
Feb 19 19:44:19.563917 osdx OSDxCLI[411906]: User 'admin' added a new cfg line: 'set system console log-level info'.
Feb 19 19:44:19.730857 osdx OSDxCLI[411906]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Feb 19 19:44:19.889449 osdx OSDxCLI[411906]: User 'admin' added a new cfg line: 'set system strong-password display'.
Feb 19 19:44:20.080861 osdx OSDxCLI[411906]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:44:20.301070 osdx INFO[421202]: FRR daemons did not change
Feb 19 19:44:20.304047 osdx modulelauncher[1289]: + Received data: ['411906', 'osdx.utils.xos', 'set_console_log_level', 'info']
Feb 19 19:44:20.362129 osdx OSDxCLI[411906]: Signal 10 received
Feb 19 19:44:20.411874 osdx cfgd[1448]: [411906]Completed change to active configuration
Feb 19 19:44:20.425655 osdx OSDxCLI[411906]: User 'admin' committed the configuration.
Feb 19 19:44:20.504282 osdx OSDxCLI[411906]: User 'admin' left the configuration menu.
Feb 19 19:44:20.859324 osdx OSDxCLI[411906]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Feb 19 19:44:20.860366 osdx OSDxCLI[411906]: pam_unix(cli:session): session closed for user admin
Feb 19 19:44:20.861132 osdx OSDxCLI[411906]: User 'admin' entered the configuration menu.
Feb 19 19:44:21.020827 osdx OSDxCLI[411906]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Feb 19 19:44:21.022261 osdx cfgd[1448]: Execute action [syntax] for node [system ntp authentication-key 1]
Feb 19 19:44:21.063634 osdx OSDxCLI[411906]: pam_unix(cli:session): session closed for user admin
Feb 19 19:44:21.064264 osdx OSDxCLI[411906]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'.
Feb 19 19:44:21.164832 osdx OSDxCLI[411906]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Feb 19 19:44:21.175737 osdx OSDxCLI[411906]: pam_unix(cli:session): session closed for user admin
Feb 19 19:44:21.176463 osdx OSDxCLI[411906]: User 'admin' added a new cfg line: 'show changes'.
Feb 19 19:44:21.374818 osdx OSDxCLI[411906]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Feb 19 19:44:21.393868 osdx cfgd[1448]: [411906]must validation for [system strong-password] was skipped
Feb 19 19:44:21.394224 osdx cfgd[1448]: [411906]must validation for [system login user admin role] was skipped
Feb 19 19:44:21.436422 osdx WARNING[421228]: Short keyboard patterns are easy to guess.
Feb 19 19:44:21.436499 osdx INFO[421228]: Suggestions:
Feb 19 19:44:21.436558 osdx INFO[421228]:   Add another word or two. Uncommon words are better.
Feb 19 19:44:21.436605 osdx INFO[421228]:   Use a longer keyboard pattern with more turns.
Feb 19 19:44:21.436646 osdx INFO[421228]: Crack times (passwords per time):
Feb 19 19:44:21.436689 osdx INFO[421228]:   100 per hour:              centuries
Feb 19 19:44:21.436733 osdx INFO[421228]:   10 per second:             3 months
Feb 19 19:44:21.436821 osdx INFO[421228]:   10.000 per second:         3 hours
Feb 19 19:44:21.436863 osdx INFO[421228]:   10.000.000.000 per second: less than a second
Feb 19 19:44:21.453099 osdx INFO[421230]: FRR daemons did not change
Feb 19 19:44:21.453826 osdx cfgd[1448]: Execute action [end] for node [system ntp]
Feb 19 19:44:21.514315 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Feb 19 19:44:21.527905 osdx ntpd[421237]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Feb 19 19:44:21.527940 osdx ntpd[421237]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Feb 19 19:44:21.532347 osdx ntp-systemd-wrapper[421237]: 2025-02-19T19:44:21 ntpd[421237]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Feb 19 19:44:21.532347 osdx ntp-systemd-wrapper[421237]: 2025-02-19T19:44:21 ntpd[421237]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Feb 19 19:44:21.533375 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Feb 19 19:44:21.536328 osdx cfgd[1448]: [411906]Completed change to active configuration
Feb 19 19:44:21.538506 osdx ntpd[421239]: INIT: precision = 0.090 usec (-23)
Feb 19 19:44:21.540874 osdx ntpd[421239]: INIT: successfully locked into RAM
Feb 19 19:44:21.540897 osdx ntpd[421239]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Feb 19 19:44:21.540948 osdx ntpd[421239]: AUTH: authreadkeys: reading /etc/ntp.keys
Feb 19 19:44:21.541361 osdx ntpd[421239]: AUTH: authreadkeys: added 1 keys
Feb 19 19:44:21.541423 osdx ntpd[421239]: INIT: Using SO_TIMESTAMPNS(ns)
Feb 19 19:44:21.541442 osdx ntpd[421239]: IO: Listen and drop on 0 v6wildcard [::]:123
Feb 19 19:44:21.541460 osdx ntpd[421239]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Feb 19 19:44:21.542341 osdx ntpd[421239]: IO: Listen normally on 2 lo 127.0.0.1:123
Feb 19 19:44:21.542368 osdx ntpd[421239]: IO: Listen normally on 3 lo [::1]:123
Feb 19 19:44:21.542409 osdx ntpd[421239]: IO: Listening on routing socket on fd #20 for interface updates
Feb 19 19:44:21.542419 osdx ntpd[421239]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Feb 19 19:44:21.542494 osdx ntpd[421239]: INIT: Built with OpenSSL 3.0.11 19 Sep 2023, 300000b0
Feb 19 19:44:21.542499 osdx ntpd[421239]: INIT: Running with OpenSSL 3.0.14 4 Jun 2024, 300000e0
Feb 19 19:44:21.544397 osdx ntpd[421239]: NTSc: Using system default root certificates.
Feb 19 19:44:21.558152 osdx OSDxCLI[411906]: pam_unix(cli:session): session closed for user admin
Feb 19 19:44:21.558857 osdx OSDxCLI[411906]: User 'admin' committed the configuration.
Feb 19 19:44:21.615881 osdx OSDxCLI[411906]: User 'admin' left the configuration menu.
Feb 19 19:44:21.836746 osdx OSDxCLI[411906]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---