Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1/MFIKXx2VnqSc0QFKZLOlirViE7Mur460=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1/MFIKXx2VnqfQHvvLzCCE4FfdeD0WAhac=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0 :

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX19Cy+7vI7SesH4HiyPK80ddVU7FPf49aM8=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Mar 21 22:02:44.565642 osdx systemd-journald[135576]: Runtime Journal (/run/log/journal/4aed3ffce77740a989e5dd98f632940c) is 2.4M, max 15.3M, 12.9M free.
Mar 21 22:02:44.570192 osdx systemd-journald[135576]: Received client request to rotate journal, rotating.
Mar 21 22:02:44.570287 osdx systemd-journald[135576]: Vacuuming done, freed 0B of archived journals from /run/log/journal/4aed3ffce77740a989e5dd98f632940c.
Mar 21 22:02:44.590417 osdx OSDxCLI[139006]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 22:02:45.197284 osdx osdx-coredump[140749]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 22:02:45.214912 osdx OSDxCLI[139006]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 22:02:46.130324 osdx OSDxCLI[139006]: User 'admin' entered the configuration menu.
Mar 21 22:02:46.223166 osdx OSDxCLI[139006]: User 'admin' added a new cfg line: 'set system console log-level info'.
Mar 21 22:02:46.406431 osdx OSDxCLI[139006]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Mar 21 22:02:46.566501 osdx OSDxCLI[139006]: User 'admin' added a new cfg line: 'set system strong-password display'.
Mar 21 22:02:46.722455 osdx OSDxCLI[139006]: User 'admin' added a new cfg line: 'show working'.
Mar 21 22:02:46.876289 osdx ubnt-cfgd[140768]: inactive
Mar 21 22:02:47.045423 osdx INFO[140780]: FRR daemons did not change
Mar 21 22:02:47.047290 osdx modulelauncher[1483]: + Received data: ['139006', 'osdx.utils.xos', 'set_console_log_level', 'info']
Mar 21 22:02:47.087376 osdx OSDxCLI[139006]: Signal 10 received
Mar 21 22:02:47.114329 osdx cfgd[1728]: [139006]Completed change to active configuration
Mar 21 22:02:47.121433 osdx OSDxCLI[139006]: User 'admin' committed the configuration.
Mar 21 22:02:47.183925 osdx OSDxCLI[139006]: User 'admin' left the configuration menu.
Mar 21 22:02:47.544008 osdx OSDxCLI[139006]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Mar 21 22:02:47.544909 osdx OSDxCLI[139006]: pam_unix(cli:session): session closed for user admin
Mar 21 22:02:47.545552 osdx OSDxCLI[139006]: User 'admin' entered the configuration menu.
Mar 21 22:02:47.717675 osdx OSDxCLI[139006]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Mar 21 22:02:47.718203 osdx cfgd[1728]: Execute action [syntax] for node [system ntp authentication-key 1]
Mar 21 22:02:47.748658 osdx OSDxCLI[139006]: pam_unix(cli:session): session closed for user admin
Mar 21 22:02:47.749398 osdx OSDxCLI[139006]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'.
Mar 21 22:02:47.906843 osdx OSDxCLI[139006]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Mar 21 22:02:47.920666 osdx OSDxCLI[139006]: pam_unix(cli:session): session closed for user admin
Mar 21 22:02:47.921377 osdx OSDxCLI[139006]: User 'admin' added a new cfg line: 'show changes'.
Mar 21 22:02:48.032807 osdx OSDxCLI[139006]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Mar 21 22:02:48.051624 osdx ubnt-cfgd[140806]: inactive
Mar 21 22:02:48.277403 osdx cfgd[1728]: [139006]must validation for [system strong-password] was skipped
Mar 21 22:02:48.277529 osdx cfgd[1728]: [139006]must validation for [system login user admin role] was skipped
Mar 21 22:02:48.307998 osdx WARNING[140816]: Short keyboard patterns are easy to guess.
Mar 21 22:02:48.308068 osdx INFO[140816]: Suggestions:
Mar 21 22:02:48.308120 osdx INFO[140816]:   Add another word or two. Uncommon words are better.
Mar 21 22:02:48.308173 osdx INFO[140816]:   Use a longer keyboard pattern with more turns.
Mar 21 22:02:48.308212 osdx INFO[140816]: Crack times (passwords per time):
Mar 21 22:02:48.308246 osdx INFO[140816]:   100 per hour:              centuries
Mar 21 22:02:48.308279 osdx INFO[140816]:   10 per second:             3 months
Mar 21 22:02:48.308359 osdx INFO[140816]:   10.000 per second:         3 hours
Mar 21 22:02:48.308391 osdx INFO[140816]:   10.000.000.000 per second: less than a second
Mar 21 22:02:48.326996 osdx INFO[140818]: FRR daemons did not change
Mar 21 22:02:48.327772 osdx cfgd[1728]: Execute action [end] for node [system ntp]
Mar 21 22:02:48.405767 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Mar 21 22:02:48.421116 osdx ntpd[140825]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Mar 21 22:02:48.421156 osdx ntpd[140825]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Mar 21 22:02:48.421741 osdx ntp-systemd-wrapper[140825]: 2025-03-21T22:02:48 ntpd[140825]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Mar 21 22:02:48.421741 osdx ntp-systemd-wrapper[140825]: 2025-03-21T22:02:48 ntpd[140825]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Mar 21 22:02:48.422340 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Mar 21 22:02:48.424338 osdx cfgd[1728]: [139006]Completed change to active configuration
Mar 21 22:02:48.426947 osdx ntpd[140827]: INIT: precision = 0.054 usec (-24)
Mar 21 22:02:48.427626 osdx ntpd[140827]: INIT: successfully locked into RAM
Mar 21 22:02:48.427653 osdx ntpd[140827]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Mar 21 22:02:48.427712 osdx ntpd[140827]: AUTH: authreadkeys: reading /etc/ntp.keys
Mar 21 22:02:48.427954 osdx ntpd[140827]: AUTH: authreadkeys: added 1 keys
Mar 21 22:02:48.428026 osdx ntpd[140827]: INIT: Using SO_TIMESTAMPNS(ns)
Mar 21 22:02:48.428052 osdx ntpd[140827]: IO: Listen and drop on 0 v6wildcard [::]:123
Mar 21 22:02:48.428078 osdx ntpd[140827]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Mar 21 22:02:48.428805 osdx ntpd[140827]: IO: Listen normally on 2 lo 127.0.0.1:123
Mar 21 22:02:48.428844 osdx ntpd[140827]: IO: Listen normally on 3 lo [::1]:123
Mar 21 22:02:48.428878 osdx ntpd[140827]: IO: Listening on routing socket on fd #20 for interface updates
Mar 21 22:02:48.428886 osdx ntpd[140827]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Mar 21 22:02:48.428940 osdx ntpd[140827]: INIT: Built with OpenSSL 3.0.11 19 Sep 2023, 300000b0
Mar 21 22:02:48.428943 osdx ntpd[140827]: INIT: Running with OpenSSL 3.0.14 4 Jun 2024, 300000e0
Mar 21 22:02:48.429414 osdx OSDxCLI[139006]: pam_unix(cli:session): session closed for user admin
Mar 21 22:02:48.429700 osdx ntpd[140827]: NTSc: Using system default root certificates.
Mar 21 22:02:48.429915 osdx OSDxCLI[139006]: User 'admin' committed the configuration.
Mar 21 22:02:48.491668 osdx OSDxCLI[139006]: User 'admin' left the configuration menu.
Mar 21 22:02:48.725672 osdx OSDxCLI[139006]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---