Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1/YNYFVknpX7CSm6L9y8st7ElZGsd9x2po=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1/YNYFVknpX7FC1stQH7tonrs+59O76pKE=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0 :

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX19vNlqgmoShcOzlCBBhX6AzEO1Gik5S+ZY=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

May 19 19:16:05.309473 osdx systemd-journald[13756]: Runtime Journal (/run/log/journal/7ae40c0371a74784821261dd7287ec45) is 2.3M, max 15.3M, 13.0M free.
May 19 19:16:05.310797 osdx systemd-journald[13756]: Received client request to rotate journal, rotating.
May 19 19:16:05.310845 osdx systemd-journald[13756]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7ae40c0371a74784821261dd7287ec45.
May 19 19:16:05.320117 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal clear'.
May 19 19:16:05.642467 osdx osdx-coredump[47943]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 19:16:05.653314 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 19:16:06.140998 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:16:06.204314 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system console log-level info'.
May 19 19:16:06.292756 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
May 19 19:16:06.350538 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system strong-password display'.
May 19 19:16:06.458170 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:16:06.536635 osdx INFO[47960]: FRR daemons did not change
May 19 19:16:06.537940 osdx modulelauncher[1489]: + Received data: ['33376', 'osdx.utils.xos', 'set_console_log_level', 'info']
May 19 19:16:06.563858 osdx OSDxCLI[33376]: Signal 10 received
May 19 19:16:06.575121 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:16:06.576899 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:16:06.606198 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:16:06.799679 osdx OSDxCLI[33376]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
May 19 19:16:06.800111 osdx OSDxCLI[33376]: pam_unix(cli:session): session closed for user admin
May 19 19:16:06.800303 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:16:06.878840 osdx OSDxCLI[33376]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
May 19 19:16:06.879052 osdx cfgd[1655]: Execute action [syntax] for node [system ntp authentication-key 1]
May 19 19:16:06.890655 osdx OSDxCLI[33376]: pam_unix(cli:session): session closed for user admin
May 19 19:16:06.890880 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'.
May 19 19:16:06.985773 osdx OSDxCLI[33376]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
May 19 19:16:06.990580 osdx OSDxCLI[33376]: pam_unix(cli:session): session closed for user admin
May 19 19:16:06.990770 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show changes'.
May 19 19:16:07.068793 osdx OSDxCLI[33376]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
May 19 19:16:07.075670 osdx cfgd[1655]: [33376]must validation for [system strong-password] was skipped
May 19 19:16:07.075744 osdx cfgd[1655]: [33376]must validation for [system login user admin role] was skipped
May 19 19:16:07.095087 osdx WARNING[47986]: Short keyboard patterns are easy to guess.
May 19 19:16:07.095134 osdx INFO[47986]: Suggestions:
May 19 19:16:07.095166 osdx INFO[47986]:   Add another word or two. Uncommon words are better.
May 19 19:16:07.095191 osdx INFO[47986]:   Use a longer keyboard pattern with more turns.
May 19 19:16:07.095213 osdx INFO[47986]: Crack times (passwords per time):
May 19 19:16:07.095234 osdx INFO[47986]:   100 per hour:              centuries
May 19 19:16:07.095255 osdx INFO[47986]:   10 per second:             3 months
May 19 19:16:07.095317 osdx INFO[47986]:   10.000 per second:         3 hours
May 19 19:16:07.095343 osdx INFO[47986]:   10.000.000.000 per second: less than a second
May 19 19:16:07.099812 osdx INFO[47988]: FRR daemons did not change
May 19 19:16:07.100220 osdx cfgd[1655]: Execute action [end] for node [system ntp]
May 19 19:16:07.139064 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
May 19 19:16:07.144400 osdx ntpd[47995]: INIT: ntpd ntpsec-1.2.2+1-g53930a0: Starting
May 19 19:16:07.144421 osdx ntpd[47995]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
May 19 19:16:07.144636 osdx ntp-systemd-wrapper[47995]: 2025-05-19T19:16:07 ntpd[47995]: INIT: ntpd ntpsec-1.2.2+1-g53930a0: Starting
May 19 19:16:07.144636 osdx ntp-systemd-wrapper[47995]: 2025-05-19T19:16:07 ntpd[47995]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
May 19 19:16:07.144952 osdx systemd[1]: Started ntpsec.service - Network Time Service.
May 19 19:16:07.146630 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:16:07.148282 osdx OSDxCLI[33376]: pam_unix(cli:session): session closed for user admin
May 19 19:16:07.148552 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:16:07.148575 osdx ntpd[47997]: INIT: precision = 0.065 usec (-24)
May 19 19:16:07.149272 osdx ntpd[47997]: INIT: successfully locked into RAM
May 19 19:16:07.149287 osdx ntpd[47997]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
May 19 19:16:07.149321 osdx ntpd[47997]: AUTH: authreadkeys: reading /etc/ntp.keys
May 19 19:16:07.149479 osdx ntpd[47997]: AUTH: authreadkeys: added 1 keys
May 19 19:16:07.149529 osdx ntpd[47997]: INIT: Using SO_TIMESTAMPNS(ns)
May 19 19:16:07.149544 osdx ntpd[47997]: IO: Listen and drop on 0 v6wildcard [::]:123
May 19 19:16:07.149558 osdx ntpd[47997]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
May 19 19:16:07.149958 osdx ntpd[47997]: IO: Listen normally on 2 lo 127.0.0.1:123
May 19 19:16:07.149978 osdx ntpd[47997]: IO: Listen normally on 3 lo [::1]:123
May 19 19:16:07.149999 osdx ntpd[47997]: IO: Listening on routing socket on fd #20 for interface updates
May 19 19:16:07.150006 osdx ntpd[47997]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
May 19 19:16:07.150062 osdx ntpd[47997]: INIT: OpenSSL 3.0.14 4 Jun 2024, 300000e0
May 19 19:16:07.150593 osdx ntpd[47997]: NTSc: Using system default root certificates.
May 19 19:16:07.195339 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:16:07.336189 osdx OSDxCLI[33376]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---