Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+1mUiHUOBx3ORinp1sbXsb4G4vo6E1rrM=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+1mUiHUOBx3G4xCflwukuIayBvq32ilWw=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0 :

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX19pfHGDJu+d0dLsl3vpr1MwCaXE9/Jh+UM=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Apr 10 17:04:40.000217 osdx systemd-timedated[147586]: Changed local time to Thu 2025-04-10 17:04:40 UTC
Apr 10 17:04:40.001887 osdx systemd-journald[1983]: Time jumped backwards, rotating.
Apr 10 17:04:40.002243 osdx OSDxCLI[143320]: User 'admin' executed a new command: 'set date 2025-04-10 17:04:40'.
Apr 10 17:04:40.333746 osdx sudo[159786]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Apr 10 17:04:40.336789 osdx systemd-journald[1983]: Runtime Journal (/run/log/journal/1b38a2acfb83465bb2abfbc9ee1b5d42) is 2.0M, max 15.3M, 13.3M free.
Apr 10 17:04:40.337873 osdx systemd-journald[1983]: Received client request to rotate journal, rotating.
Apr 10 17:04:40.337923 osdx systemd-journald[1983]: Vacuuming done, freed 0B of archived journals from /run/log/journal/1b38a2acfb83465bb2abfbc9ee1b5d42.
Apr 10 17:04:40.340863 osdx sudo[159785]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Apr 10 17:04:40.346361 osdx OSDxCLI[143320]: User 'admin' executed a new command: 'system journal clear'.
Apr 10 17:04:40.575165 osdx sudo[159793]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Apr 10 17:04:40.655712 osdx sudo[159798]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Apr 10 17:04:40.706986 osdx osdx-coredump[159800]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Apr 10 17:04:40.715836 osdx OSDxCLI[143320]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 10 17:04:41.185353 osdx OSDxCLI[143320]: User 'admin' entered the configuration menu.
Apr 10 17:04:41.312787 osdx OSDxCLI[143320]: User 'admin' added a new cfg line: 'set system console log-level info'.
Apr 10 17:04:41.378607 osdx OSDxCLI[143320]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Apr 10 17:04:41.486487 osdx OSDxCLI[143320]: User 'admin' added a new cfg line: 'set system strong-password display'.
Apr 10 17:04:41.553932 osdx OSDxCLI[143320]: User 'admin' added a new cfg line: 'show working'.
Apr 10 17:04:41.660581 osdx ubnt-cfgd[159815]: inactive
Apr 10 17:04:41.715935 osdx INFO[159823]: FRR daemons did not change
Apr 10 17:04:41.717059 osdx modulelauncher[1487]: + Received data: ['143320', 'osdx.utils.xos', 'set_console_log_level', 'info']
Apr 10 17:04:41.742719 osdx OSDxCLI[143320]: Signal 10 received
Apr 10 17:04:41.757439 osdx cfgd[1673]: [143320]Completed change to active configuration
Apr 10 17:04:41.760244 osdx OSDxCLI[143320]: User 'admin' committed the configuration.
Apr 10 17:04:41.792731 osdx OSDxCLI[143320]: User 'admin' left the configuration menu.
Apr 10 17:04:42.032008 osdx OSDxCLI[143320]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Apr 10 17:04:42.032702 osdx OSDxCLI[143320]: pam_unix(cli:session): session closed for user admin
Apr 10 17:04:42.033040 osdx OSDxCLI[143320]: User 'admin' entered the configuration menu.
Apr 10 17:04:42.129216 osdx OSDxCLI[143320]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Apr 10 17:04:42.129660 osdx cfgd[1673]: Execute action [syntax] for node [system ntp authentication-key 1]
Apr 10 17:04:42.148405 osdx OSDxCLI[143320]: pam_unix(cli:session): session closed for user admin
Apr 10 17:04:42.148754 osdx OSDxCLI[143320]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'.
Apr 10 17:04:42.276328 osdx OSDxCLI[143320]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Apr 10 17:04:42.281771 osdx OSDxCLI[143320]: pam_unix(cli:session): session closed for user admin
Apr 10 17:04:42.282234 osdx OSDxCLI[143320]: User 'admin' added a new cfg line: 'show changes'.
Apr 10 17:04:42.342755 osdx OSDxCLI[143320]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Apr 10 17:04:42.354526 osdx ubnt-cfgd[159849]: inactive
Apr 10 17:04:42.414227 osdx cfgd[1673]: [143320]must validation for [system strong-password] was skipped
Apr 10 17:04:42.414374 osdx cfgd[1673]: [143320]must validation for [system login user admin role] was skipped
Apr 10 17:04:42.426942 osdx WARNING[159855]: Short keyboard patterns are easy to guess.
Apr 10 17:04:42.427306 osdx INFO[159855]: Suggestions:
Apr 10 17:04:42.427391 osdx INFO[159855]:   Add another word or two. Uncommon words are better.
Apr 10 17:04:42.427455 osdx INFO[159855]:   Use a longer keyboard pattern with more turns.
Apr 10 17:04:42.427514 osdx INFO[159855]: Crack times (passwords per time):
Apr 10 17:04:42.427576 osdx INFO[159855]:   100 per hour:              centuries
Apr 10 17:04:42.427631 osdx INFO[159855]:   10 per second:             3 months
Apr 10 17:04:42.427727 osdx INFO[159855]:   10.000 per second:         3 hours
Apr 10 17:04:42.427786 osdx INFO[159855]:   10.000.000.000 per second: less than a second
Apr 10 17:04:42.433080 osdx INFO[159857]: FRR daemons did not change
Apr 10 17:04:42.433549 osdx cfgd[1673]: Execute action [end] for node [system ntp]
Apr 10 17:04:42.474195 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Apr 10 17:04:42.481683 osdx ntpd[159864]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Apr 10 17:04:42.481893 osdx ntp-systemd-wrapper[159864]: 2025-04-10T17:04:42 ntpd[159864]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Apr 10 17:04:42.481930 osdx ntpd[159864]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Apr 10 17:04:42.481963 osdx ntp-systemd-wrapper[159864]: 2025-04-10T17:04:42 ntpd[159864]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Apr 10 17:04:42.482570 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Apr 10 17:04:42.483620 osdx cfgd[1673]: [143320]Completed change to active configuration
Apr 10 17:04:42.485453 osdx OSDxCLI[143320]: pam_unix(cli:session): session closed for user admin
Apr 10 17:04:42.485454 osdx ntpd[159866]: INIT: precision = 0.069 usec (-24)
Apr 10 17:04:42.485691 osdx OSDxCLI[143320]: User 'admin' committed the configuration.
Apr 10 17:04:42.486003 osdx ntpd[159866]: INIT: successfully locked into RAM
Apr 10 17:04:42.486016 osdx ntpd[159866]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Apr 10 17:04:42.486045 osdx ntpd[159866]: AUTH: authreadkeys: reading /etc/ntp.keys
Apr 10 17:04:42.486193 osdx ntpd[159866]: AUTH: authreadkeys: added 1 keys
Apr 10 17:04:42.486236 osdx ntpd[159866]: INIT: Using SO_TIMESTAMPNS(ns)
Apr 10 17:04:42.486248 osdx ntpd[159866]: IO: Listen and drop on 0 v6wildcard [::]:123
Apr 10 17:04:42.486261 osdx ntpd[159866]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Apr 10 17:04:42.486602 osdx ntpd[159866]: IO: Listen normally on 2 lo 127.0.0.1:123
Apr 10 17:04:42.486619 osdx ntpd[159866]: IO: Listen normally on 3 lo [::1]:123
Apr 10 17:04:42.486636 osdx ntpd[159866]: IO: Listening on routing socket on fd #20 for interface updates
Apr 10 17:04:42.486642 osdx ntpd[159866]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Apr 10 17:04:42.486691 osdx ntpd[159866]: INIT: Built with OpenSSL 3.0.11 19 Sep 2023, 300000b0
Apr 10 17:04:42.486695 osdx ntpd[159866]: INIT: Running with OpenSSL 3.0.14 4 Jun 2024, 300000e0
Apr 10 17:04:42.487107 osdx ntpd[159866]: NTSc: Using system default root certificates.
Apr 10 17:04:42.510856 osdx OSDxCLI[143320]: User 'admin' left the configuration menu.
Apr 10 17:04:42.635786 osdx OSDxCLI[143320]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---