Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX19ukuKumK88ltXI8KSVXtpT+9CgzJk2Z58=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX19ukuKumK88lkZ29U5V/wafGgm/fhtl/ek=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0 :

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1+Ox5CxHxRNITO35JByUnZZVB3InhnZW0I=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Jun 25 12:19:33.289009 osdx systemd-journald[56122]: Runtime Journal (/run/log/journal/af01d4ed6eb1488ea817da6aeebe5df1) is 2.4M, max 15.3M, 12.9M free.
Jun 25 12:19:33.289649 osdx systemd-journald[56122]: Received client request to rotate journal, rotating.
Jun 25 12:19:33.289689 osdx systemd-journald[56122]: Vacuuming done, freed 0B of archived journals from /run/log/journal/af01d4ed6eb1488ea817da6aeebe5df1.
Jun 25 12:19:33.294026 osdx sudo[60553]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 25 12:19:33.301782 osdx OSDxCLI[59138]: User 'admin' executed a new command: 'system journal clear'.
Jun 25 12:19:33.506164 osdx OSDxCLI[59138]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 25 12:19:33.727482 osdx OSDxCLI[59138]: User 'admin' entered the configuration menu.
Jun 25 12:19:33.786474 osdx OSDxCLI[59138]: User 'admin' added a new cfg line: 'set system console log-level info'.
Jun 25 12:19:33.885058 osdx OSDxCLI[59138]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Jun 25 12:19:33.942975 osdx OSDxCLI[59138]: User 'admin' added a new cfg line: 'set system strong-password display'.
Jun 25 12:19:34.051619 osdx OSDxCLI[59138]: User 'admin' added a new cfg line: 'show working'.
Jun 25 12:19:34.116545 osdx ubnt-cfgd[60575]: inactive
Jun 25 12:19:34.137875 osdx INFO[60583]: FRR daemons did not change
Jun 25 12:19:34.138839 osdx modulelauncher[1287]: + Received data: ['59138', 'osdx.utils.xos', 'set_console_log_level', 'info']
Jun 25 12:19:34.157652 osdx OSDxCLI[59138]: Signal 10 received
Jun 25 12:19:34.170137 osdx cfgd[1464]: [59138]Completed change to active configuration
Jun 25 12:19:34.171870 osdx OSDxCLI[59138]: User 'admin' committed the configuration.
Jun 25 12:19:34.189615 osdx OSDxCLI[59138]: User 'admin' left the configuration menu.
Jun 25 12:19:34.354149 osdx OSDxCLI[59138]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jun 25 12:19:34.354681 osdx OSDxCLI[59138]: pam_unix(cli:session): session closed for user admin
Jun 25 12:19:34.355001 osdx OSDxCLI[59138]: User 'admin' entered the configuration menu.
Jun 25 12:19:34.413742 osdx OSDxCLI[59138]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jun 25 12:19:34.414060 osdx cfgd[1464]: Execute action [syntax] for node [system ntp authentication-key 1]
Jun 25 12:19:34.447304 osdx OSDxCLI[59138]: pam_unix(cli:session): session closed for user admin
Jun 25 12:19:34.447602 osdx OSDxCLI[59138]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'.
Jun 25 12:19:34.501574 osdx OSDxCLI[59138]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jun 25 12:19:34.506756 osdx OSDxCLI[59138]: pam_unix(cli:session): session closed for user admin
Jun 25 12:19:34.507023 osdx OSDxCLI[59138]: User 'admin' added a new cfg line: 'show changes'.
Jun 25 12:19:34.590714 osdx OSDxCLI[59138]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jun 25 12:19:34.601246 osdx ubnt-cfgd[60609]: inactive
Jun 25 12:19:34.613538 osdx cfgd[1464]: [59138]must validation for [system strong-password] was skipped
Jun 25 12:19:34.613607 osdx cfgd[1464]: [59138]must validation for [system login user admin role] was skipped
Jun 25 12:19:34.624941 osdx WARNING[60615]: Short keyboard patterns are easy to guess.
Jun 25 12:19:34.625187 osdx INFO[60615]: Suggestions:
Jun 25 12:19:34.625247 osdx INFO[60615]:   Add another word or two. Uncommon words are better.
Jun 25 12:19:34.625297 osdx INFO[60615]:   Use a longer keyboard pattern with more turns.
Jun 25 12:19:34.625338 osdx INFO[60615]: Crack times (passwords per time):
Jun 25 12:19:34.625378 osdx INFO[60615]:   100 per hour:              centuries
Jun 25 12:19:34.625419 osdx INFO[60615]:   10 per second:             3 months
Jun 25 12:19:34.625490 osdx INFO[60615]:   10.000 per second:         3 hours
Jun 25 12:19:34.625535 osdx INFO[60615]:   10.000.000.000 per second: less than a second
Jun 25 12:19:34.629518 osdx INFO[60617]: FRR daemons did not change
Jun 25 12:19:34.629864 osdx cfgd[1464]: Execute action [end] for node [system ntp]
Jun 25 12:19:34.669902 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Jun 25 12:19:34.675173 osdx ntpd[60624]: INIT: ntpd ntpsec-1.2.2+1-g8bf3d37: Starting
Jun 25 12:19:34.675343 osdx ntp-systemd-wrapper[60624]: 2025-06-25T12:19:34 ntpd[60624]: INIT: ntpd ntpsec-1.2.2+1-g8bf3d37: Starting
Jun 25 12:19:34.675380 osdx ntpd[60624]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Jun 25 12:19:34.675410 osdx ntp-systemd-wrapper[60624]: 2025-06-25T12:19:34 ntpd[60624]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Jun 25 12:19:34.675898 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Jun 25 12:19:34.676984 osdx cfgd[1464]: [59138]Completed change to active configuration
Jun 25 12:19:34.678469 osdx OSDxCLI[59138]: pam_unix(cli:session): session closed for user admin
Jun 25 12:19:34.678675 osdx OSDxCLI[59138]: User 'admin' committed the configuration.
Jun 25 12:19:34.679720 osdx ntpd[60626]: INIT: precision = 0.085 usec (-23)
Jun 25 12:19:34.680372 osdx ntpd[60626]: INIT: successfully locked into RAM
Jun 25 12:19:34.680386 osdx ntpd[60626]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Jun 25 12:19:34.680422 osdx ntpd[60626]: AUTH: authreadkeys: reading /etc/ntp.keys
Jun 25 12:19:34.680626 osdx ntpd[60626]: AUTH: authreadkeys: added 1 keys
Jun 25 12:19:34.680669 osdx ntpd[60626]: INIT: Using SO_TIMESTAMPNS(ns)
Jun 25 12:19:34.680680 osdx ntpd[60626]: IO: Listen and drop on 0 v6wildcard [::]:123
Jun 25 12:19:34.680694 osdx ntpd[60626]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Jun 25 12:19:34.681203 osdx ntpd[60626]: IO: Listen normally on 2 lo 127.0.0.1:123
Jun 25 12:19:34.681219 osdx ntpd[60626]: IO: Listen normally on 3 lo [::1]:123
Jun 25 12:19:34.681237 osdx ntpd[60626]: IO: Listening on routing socket on fd #20 for interface updates
Jun 25 12:19:34.681245 osdx ntpd[60626]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Jun 25 12:19:34.681304 osdx ntpd[60626]: INIT: Built with OpenSSL 3.0.14 4 Jun 2024, 300000e0
Jun 25 12:19:34.681307 osdx ntpd[60626]: INIT: Running with OpenSSL 3.0.16 11 Feb 2025, 30000100
Jun 25 12:19:34.681902 osdx ntpd[60626]: NTSc: Using system default root certificates.
Jun 25 12:19:34.718034 osdx OSDxCLI[59138]: User 'admin' left the configuration menu.
Jun 25 12:19:34.820692 osdx OSDxCLI[59138]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---