Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1/VUG1rNbGmEgK6dwSY57Ve4ueXLDGBOKw=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1/VUG1rNbGmEkfdXHcC0sIcFpfs7TyU4fk=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0 :

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX19wM57Z0TsFkblEAFYQJD5Qf12AQXF+CPU=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Mar 10 10:02:09.304414 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/8c78421431714dc5b42d4f61b2ec278e) is 2.3M, max 15.3M, 13.0M free.
Mar 10 10:02:09.307354 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 10 10:02:09.307433 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8c78421431714dc5b42d4f61b2ec278e.
Mar 10 10:02:09.314503 osdx OSDxCLI[104338]: User 'admin' executed a new command: 'system journal clear'.
Mar 10 10:02:09.657206 osdx osdx-coredump[107940]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 10 10:02:09.664844 osdx OSDxCLI[104338]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 10 10:02:10.123305 osdx OSDxCLI[104338]: User 'admin' entered the configuration menu.
Mar 10 10:02:10.181636 osdx OSDxCLI[104338]: User 'admin' added a new cfg line: 'set system console log-level info'.
Mar 10 10:02:10.279396 osdx OSDxCLI[104338]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Mar 10 10:02:10.362480 osdx OSDxCLI[104338]: User 'admin' added a new cfg line: 'set system strong-password display'.
Mar 10 10:02:10.431403 osdx OSDxCLI[104338]: User 'admin' added a new cfg line: 'show working'.
Mar 10 10:02:10.526867 osdx INFO[107961]: FRR daemons did not change
Mar 10 10:02:10.527715 osdx modulelauncher[1291]: + Received data: ['104338', 'osdx.utils.xos', 'set_console_log_level', 'info']
Mar 10 10:02:10.547558 osdx OSDxCLI[104338]: Signal 10 received
Mar 10 10:02:10.560730 osdx cfgd[1455]: [104338]Completed change to active configuration
Mar 10 10:02:10.563052 osdx OSDxCLI[104338]: User 'admin' committed the configuration.
Mar 10 10:02:10.584906 osdx OSDxCLI[104338]: User 'admin' left the configuration menu.
Mar 10 10:02:10.752555 osdx OSDxCLI[104338]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Mar 10 10:02:10.753158 osdx OSDxCLI[104338]: pam_unix(cli:session): session closed for user admin
Mar 10 10:02:10.753567 osdx OSDxCLI[104338]: User 'admin' entered the configuration menu.
Mar 10 10:02:10.815264 osdx OSDxCLI[104338]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Mar 10 10:02:10.815668 osdx cfgd[1455]: Execute action [syntax] for node [system ntp authentication-key 1]
Mar 10 10:02:10.832996 osdx OSDxCLI[104338]: pam_unix(cli:session): session closed for user admin
Mar 10 10:02:10.833420 osdx OSDxCLI[104338]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'.
Mar 10 10:02:10.910251 osdx OSDxCLI[104338]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Mar 10 10:02:10.915312 osdx OSDxCLI[104338]: pam_unix(cli:session): session closed for user admin
Mar 10 10:02:10.915624 osdx OSDxCLI[104338]: User 'admin' added a new cfg line: 'show changes'.
Mar 10 10:02:10.969772 osdx OSDxCLI[104338]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Mar 10 10:02:10.974553 osdx cfgd[1455]: [104338]must validation for [system strong-password] was skipped
Mar 10 10:02:10.974604 osdx cfgd[1455]: [104338]must validation for [system login user admin role] was skipped
Mar 10 10:02:10.986370 osdx WARNING[107987]: Short keyboard patterns are easy to guess.
Mar 10 10:02:10.986411 osdx INFO[107987]: Suggestions:
Mar 10 10:02:10.986438 osdx INFO[107987]:   Add another word or two. Uncommon words are better.
Mar 10 10:02:10.986456 osdx INFO[107987]:   Use a longer keyboard pattern with more turns.
Mar 10 10:02:10.986472 osdx INFO[107987]: Crack times (passwords per time):
Mar 10 10:02:10.986489 osdx INFO[107987]:   100 per hour:              centuries
Mar 10 10:02:10.986504 osdx INFO[107987]:   10 per second:             3 months
Mar 10 10:02:10.986551 osdx INFO[107987]:   10.000 per second:         3 hours
Mar 10 10:02:10.986570 osdx INFO[107987]:   10.000.000.000 per second: less than a second
Mar 10 10:02:10.991144 osdx INFO[107989]: FRR daemons did not change
Mar 10 10:02:10.991535 osdx cfgd[1455]: Execute action [end] for node [system ntp]
Mar 10 10:02:11.031594 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Mar 10 10:02:11.036906 osdx ntpd[107996]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Mar 10 10:02:11.036925 osdx ntpd[107996]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Mar 10 10:02:11.037183 osdx ntp-systemd-wrapper[107996]: 2025-03-10T10:02:11 ntpd[107996]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Mar 10 10:02:11.037183 osdx ntp-systemd-wrapper[107996]: 2025-03-10T10:02:11 ntpd[107996]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Mar 10 10:02:11.037419 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Mar 10 10:02:11.038132 osdx cfgd[1455]: [104338]Completed change to active configuration
Mar 10 10:02:11.039743 osdx OSDxCLI[104338]: pam_unix(cli:session): session closed for user admin
Mar 10 10:02:11.039982 osdx OSDxCLI[104338]: User 'admin' committed the configuration.
Mar 10 10:02:11.041451 osdx ntpd[107998]: INIT: precision = 0.069 usec (-24)
Mar 10 10:02:11.042050 osdx ntpd[107998]: INIT: successfully locked into RAM
Mar 10 10:02:11.042065 osdx ntpd[107998]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Mar 10 10:02:11.042099 osdx ntpd[107998]: AUTH: authreadkeys: reading /etc/ntp.keys
Mar 10 10:02:11.042279 osdx ntpd[107998]: AUTH: authreadkeys: added 1 keys
Mar 10 10:02:11.042327 osdx ntpd[107998]: INIT: Using SO_TIMESTAMPNS(ns)
Mar 10 10:02:11.042342 osdx ntpd[107998]: IO: Listen and drop on 0 v6wildcard [::]:123
Mar 10 10:02:11.042356 osdx ntpd[107998]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Mar 10 10:02:11.042775 osdx ntpd[107998]: IO: Listen normally on 2 lo 127.0.0.1:123
Mar 10 10:02:11.042796 osdx ntpd[107998]: IO: Listen normally on 3 lo [::1]:123
Mar 10 10:02:11.042817 osdx ntpd[107998]: IO: Listening on routing socket on fd #20 for interface updates
Mar 10 10:02:11.042825 osdx ntpd[107998]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Mar 10 10:02:11.042888 osdx ntpd[107998]: INIT: Built with OpenSSL 3.0.11 19 Sep 2023, 300000b0
Mar 10 10:02:11.042892 osdx ntpd[107998]: INIT: Running with OpenSSL 3.0.14 4 Jun 2024, 300000e0
Mar 10 10:02:11.043321 osdx ntpd[107998]: NTSc: Using system default root certificates.
Mar 10 10:02:11.056722 osdx OSDxCLI[104338]: User 'admin' left the configuration menu.
Mar 10 10:02:11.200505 osdx OSDxCLI[104338]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---