Strong Password
Test suite to check the OSDx password strong-password level
Test Strong Password
Description
A password strength level and a strong password are configured and then attempting to configure a weak password fails.
Scenario
Step 1: Set the following configuration in DUT0 :
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system ntp authentication-key 1 encrypted-key U2FsdGVkX1++U4Z+aumf3+qJ+fS7CS7f2nEWk96sb/k= set system strong-password level 2
Note
This password has a score of 4.
Step 2: Expect a failure in the following command:
Modify the following configuration lines in DUT0 :
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1++U4Z+aumf3yP6U5bm4EaGJLyoeJfDCKs=
Note
This password has a score of 0, which is lower than the strong-password level.
Test Password Display
Description
Check that additional information from the strong-password is displayed correctly
Scenario
Step 1: Set the following configuration in DUT0 :
set system cli configuration logging global info set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system strong-password display set system strong-password level 0
Step 2: Modify the following configuration lines in DUT0 :
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+CtBSI+iNcQOymG5xCidWmeM0u+ImI+7E=
Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:
Show output
May 14 08:03:50.340058 osdx systemd-journald[1971]: Runtime Journal (/run/log/journal/55e011654ca8431a9443eb244bda956e) is 2.3M, max 15.3M, 12.9M free. May 14 08:03:50.340495 osdx systemd-journald[1971]: Received client request to rotate journal, rotating. May 14 08:03:50.340525 osdx systemd-journald[1971]: Vacuuming done, freed 0B of archived journals from /run/log/journal/55e011654ca8431a9443eb244bda956e. May 14 08:03:50.350161 osdx OSDxCLI[2231]: User 'admin' executed a new command: 'system journal clear'. May 14 08:03:50.720699 osdx osdx-coredump[125995]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 14 08:03:50.728273 osdx OSDxCLI[2231]: User 'admin' executed a new command: 'system coredump delete all'. May 14 08:03:51.221589 osdx OSDxCLI[2231]: User 'admin' entered the configuration menu. May 14 08:03:51.323399 osdx OSDxCLI[2231]: User 'admin' added a new cfg line: 'set system console log-level info'. May 14 08:03:51.382443 osdx OSDxCLI[2231]: User 'admin' added a new cfg line: 'set system strong-password level 0'. May 14 08:03:51.479390 osdx OSDxCLI[2231]: User 'admin' added a new cfg line: 'set system strong-password display'. May 14 08:03:51.545823 osdx OSDxCLI[2231]: User 'admin' added a new cfg line: 'show working'. May 14 08:03:51.641803 osdx ubnt-cfgd[126010]: inactive May 14 08:03:51.661724 osdx INFO[126018]: FRR daemons did not change May 14 08:03:51.662663 osdx modulelauncher[1483]: + Received data: ['2231', 'osdx.utils.xos', 'set_console_log_level', 'info'] May 14 08:03:51.684306 osdx OSDxCLI[2231]: Signal 10 received May 14 08:03:51.695722 osdx cfgd[1669]: [2231]Completed change to active configuration May 14 08:03:51.697428 osdx OSDxCLI[2231]: User 'admin' committed the configuration. May 14 08:03:51.715538 osdx OSDxCLI[2231]: User 'admin' left the configuration menu. May 14 08:03:51.887364 osdx OSDxCLI[2231]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) May 14 08:03:51.888044 osdx OSDxCLI[2231]: pam_unix(cli:session): session closed for user admin May 14 08:03:51.888328 osdx OSDxCLI[2231]: User 'admin' entered the configuration menu. May 14 08:03:51.954235 osdx OSDxCLI[2231]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) May 14 08:03:51.954556 osdx cfgd[1669]: Execute action [syntax] for node [system ntp authentication-key 1] May 14 08:03:51.967486 osdx OSDxCLI[2231]: pam_unix(cli:session): session closed for user admin May 14 08:03:51.967733 osdx OSDxCLI[2231]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'. May 14 08:03:52.058067 osdx OSDxCLI[2231]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) May 14 08:03:52.063262 osdx OSDxCLI[2231]: pam_unix(cli:session): session closed for user admin May 14 08:03:52.063488 osdx OSDxCLI[2231]: User 'admin' added a new cfg line: 'show changes'. May 14 08:03:52.115173 osdx OSDxCLI[2231]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000) May 14 08:03:52.123478 osdx ubnt-cfgd[126044]: inactive May 14 08:03:52.135266 osdx cfgd[1669]: [2231]must validation for [system strong-password] was skipped May 14 08:03:52.135322 osdx cfgd[1669]: [2231]must validation for [system login user admin role] was skipped May 14 08:03:52.146853 osdx WARNING[126050]: Short keyboard patterns are easy to guess. May 14 08:03:52.146893 osdx INFO[126050]: Suggestions: May 14 08:03:52.146924 osdx INFO[126050]: Add another word or two. Uncommon words are better. May 14 08:03:52.146945 osdx INFO[126050]: Use a longer keyboard pattern with more turns. May 14 08:03:52.146962 osdx INFO[126050]: Crack times (passwords per time): May 14 08:03:52.146979 osdx INFO[126050]: 100 per hour: centuries May 14 08:03:52.146995 osdx INFO[126050]: 10 per second: 3 months May 14 08:03:52.147045 osdx INFO[126050]: 10.000 per second: 3 hours May 14 08:03:52.147066 osdx INFO[126050]: 10.000.000.000 per second: less than a second May 14 08:03:52.152053 osdx INFO[126052]: FRR daemons did not change May 14 08:03:52.152598 osdx cfgd[1669]: Execute action [end] for node [system ntp] May 14 08:03:52.180492 osdx systemd[1]: Starting ntpsec.service - Network Time Service... May 14 08:03:52.185849 osdx ntpd[126059]: INIT: ntpd ntpsec-1.2.2+1-g8bf3d37: Starting May 14 08:03:52.185870 osdx ntpd[126059]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec May 14 08:03:52.186079 osdx ntp-systemd-wrapper[126059]: 2025-05-14T08:03:52 ntpd[126059]: INIT: ntpd ntpsec-1.2.2+1-g8bf3d37: Starting May 14 08:03:52.186079 osdx ntp-systemd-wrapper[126059]: 2025-05-14T08:03:52 ntpd[126059]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec May 14 08:03:52.186428 osdx systemd[1]: Started ntpsec.service - Network Time Service. May 14 08:03:52.187181 osdx cfgd[1669]: [2231]Completed change to active configuration May 14 08:03:52.188820 osdx OSDxCLI[2231]: pam_unix(cli:session): session closed for user admin May 14 08:03:52.189049 osdx OSDxCLI[2231]: User 'admin' committed the configuration. May 14 08:03:52.189948 osdx ntpd[126061]: INIT: precision = 0.052 usec (-24) May 14 08:03:52.190396 osdx ntpd[126061]: INIT: successfully locked into RAM May 14 08:03:52.190410 osdx ntpd[126061]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf May 14 08:03:52.190438 osdx ntpd[126061]: AUTH: authreadkeys: reading /etc/ntp.keys May 14 08:03:52.190559 osdx ntpd[126061]: AUTH: authreadkeys: added 1 keys May 14 08:03:52.190597 osdx ntpd[126061]: INIT: Using SO_TIMESTAMPNS(ns) May 14 08:03:52.190609 osdx ntpd[126061]: IO: Listen and drop on 0 v6wildcard [::]:123 May 14 08:03:52.190620 osdx ntpd[126061]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123 May 14 08:03:52.190948 osdx ntpd[126061]: IO: Listen normally on 2 lo 127.0.0.1:123 May 14 08:03:52.190965 osdx ntpd[126061]: IO: Listen normally on 3 lo [::1]:123 May 14 08:03:52.190980 osdx ntpd[126061]: IO: Listening on routing socket on fd #20 for interface updates May 14 08:03:52.190986 osdx ntpd[126061]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes May 14 08:03:52.191030 osdx ntpd[126061]: INIT: OpenSSL 3.0.14 4 Jun 2024, 300000e0 May 14 08:03:52.191426 osdx ntpd[126061]: NTSc: Using system default root certificates. May 14 08:03:52.210090 osdx OSDxCLI[2231]: User 'admin' left the configuration menu. May 14 08:03:52.333057 osdx OSDxCLI[2231]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)