Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX19sWAMunF2/FtmQFlkRoTFtiHyYtfqNzxI=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX19sWAMunF2/Fh9xvkUMTk0inAGiMeSm5ko=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0 :

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1/824FHZtxENaDaydmeMBakjwUyqP3KqeA=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Mar 24 09:09:28.313182 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 2.1M, max 13.8M, 11.6M free.
Mar 24 09:09:28.313781 osdx systemd-journald[1775]: Received client request to rotate journal, rotating.
Mar 24 09:09:28.313828 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242.
Mar 24 09:09:28.325576 osdx OSDxCLI[2076]: User 'admin' executed a new command: 'system journal clear'.
Mar 24 09:09:28.538418 osdx OSDxCLI[2076]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 24 09:09:28.760850 osdx OSDxCLI[2076]: User 'admin' entered the configuration menu.
Mar 24 09:09:28.820642 osdx OSDxCLI[2076]: User 'admin' added a new cfg line: 'set system console log-level info'.
Mar 24 09:09:28.923625 osdx OSDxCLI[2076]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Mar 24 09:09:28.981874 osdx OSDxCLI[2076]: User 'admin' added a new cfg line: 'set system strong-password display'.
Mar 24 09:09:29.092304 osdx OSDxCLI[2076]: User 'admin' added a new cfg line: 'show working'.
Mar 24 09:09:29.160707 osdx ubnt-cfgd[4801]: inactive
Mar 24 09:09:29.176277 osdx INFO[4809]: FRR daemons did not change
Mar 24 09:09:29.177189 osdx modulelauncher[1297]: + Received data: ['2076', 'osdx.utils.xos', 'set_console_log_level', 'info']
Mar 24 09:09:29.196403 osdx OSDxCLI[2076]: Signal 10 received
Mar 24 09:09:29.209329 osdx cfgd[1474]: [2076]Completed change to active configuration
Mar 24 09:09:29.211149 osdx OSDxCLI[2076]: User 'admin' committed the configuration.
Mar 24 09:09:29.243934 osdx OSDxCLI[2076]: User 'admin' left the configuration menu.
Mar 24 09:09:29.436457 osdx OSDxCLI[2076]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Mar 24 09:09:29.436985 osdx OSDxCLI[2076]: pam_unix(cli:session): session closed for user admin
Mar 24 09:09:29.437223 osdx OSDxCLI[2076]: User 'admin' entered the configuration menu.
Mar 24 09:09:29.520319 osdx OSDxCLI[2076]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Mar 24 09:09:29.520704 osdx cfgd[1474]: Execute action [syntax] for node [system ntp authentication-key 1]
Mar 24 09:09:29.550999 osdx OSDxCLI[2076]: pam_unix(cli:session): session closed for user admin
Mar 24 09:09:29.551329 osdx OSDxCLI[2076]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'.
Mar 24 09:09:29.629816 osdx OSDxCLI[2076]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Mar 24 09:09:29.633528 osdx OSDxCLI[2076]: pam_unix(cli:session): session closed for user admin
Mar 24 09:09:29.633742 osdx OSDxCLI[2076]: User 'admin' added a new cfg line: 'show changes'.
Mar 24 09:09:29.780255 osdx OSDxCLI[2076]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Mar 24 09:09:29.787033 osdx ubnt-cfgd[4835]: inactive
Mar 24 09:09:29.798197 osdx cfgd[1474]: [2076]must validation for [system strong-password] was skipped
Mar 24 09:09:29.798251 osdx cfgd[1474]: [2076]must validation for [system login user admin role] was skipped
Mar 24 09:09:29.815679 osdx WARNING[4841]: Short keyboard patterns are easy to guess.
Mar 24 09:09:29.816033 osdx INFO[4841]: Suggestions:
Mar 24 09:09:29.816112 osdx INFO[4841]:   Add another word or two. Uncommon words are better.
Mar 24 09:09:29.816174 osdx INFO[4841]:   Use a longer keyboard pattern with more turns.
Mar 24 09:09:29.816241 osdx INFO[4841]: Crack times (passwords per time):
Mar 24 09:09:29.816298 osdx INFO[4841]:   100 per hour:              centuries
Mar 24 09:09:29.816358 osdx INFO[4841]:   10 per second:             3 months
Mar 24 09:09:29.816449 osdx INFO[4841]:   10.000 per second:         3 hours
Mar 24 09:09:29.816509 osdx INFO[4841]:   10.000.000.000 per second: less than a second
Mar 24 09:09:29.821918 osdx INFO[4843]: FRR daemons did not change
Mar 24 09:09:29.822385 osdx cfgd[1474]: Execute action [end] for node [system ntp]
Mar 24 09:09:29.865741 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Mar 24 09:09:29.871808 osdx ntpd[4850]: INIT: ntpd ntpsec-1.2.2+1-g8bf3d37: Starting
Mar 24 09:09:29.872091 osdx ntp-systemd-wrapper[4850]: 2026-03-24T09:09:29 ntpd[4850]: INIT: ntpd ntpsec-1.2.2+1-g8bf3d37: Starting
Mar 24 09:09:29.872137 osdx ntpd[4850]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Mar 24 09:09:29.872175 osdx ntp-systemd-wrapper[4850]: 2026-03-24T09:09:29 ntpd[4850]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Mar 24 09:09:29.872882 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Mar 24 09:09:29.873999 osdx cfgd[1474]: [2076]Completed change to active configuration
Mar 24 09:09:29.875774 osdx OSDxCLI[2076]: pam_unix(cli:session): session closed for user admin
Mar 24 09:09:29.875962 osdx ntpd[4852]: INIT: precision = 0.075 usec (-24)
Mar 24 09:09:29.876070 osdx OSDxCLI[2076]: User 'admin' committed the configuration.
Mar 24 09:09:29.876795 osdx ntpd[4852]: INIT: successfully locked into RAM
Mar 24 09:09:29.876813 osdx ntpd[4852]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Mar 24 09:09:29.876856 osdx ntpd[4852]: AUTH: authreadkeys: reading /etc/ntp.keys
Mar 24 09:09:29.877055 osdx ntpd[4852]: AUTH: authreadkeys: added 1 keys
Mar 24 09:09:29.877103 osdx ntpd[4852]: INIT: Using SO_TIMESTAMPNS(ns)
Mar 24 09:09:29.877115 osdx ntpd[4852]: IO: Listen and drop on 0 v6wildcard [::]:123
Mar 24 09:09:29.877129 osdx ntpd[4852]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Mar 24 09:09:29.877568 osdx ntpd[4852]: IO: Listen normally on 2 lo 127.0.0.1:123
Mar 24 09:09:29.877586 osdx ntpd[4852]: IO: Listen normally on 3 lo [::1]:123
Mar 24 09:09:29.877612 osdx ntpd[4852]: IO: Listening on routing socket on fd #20 for interface updates
Mar 24 09:09:29.877620 osdx ntpd[4852]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Mar 24 09:09:29.877681 osdx ntpd[4852]: INIT: Built with OpenSSL 3.0.14 4 Jun 2024, 300000e0
Mar 24 09:09:29.877686 osdx ntpd[4852]: INIT: Running with OpenSSL 3.0.16 11 Feb 2025, 30000100
Mar 24 09:09:29.878263 osdx ntpd[4852]: NTSc: Using system default root certificates.
Mar 24 09:09:29.907156 osdx OSDxCLI[2076]: User 'admin' left the configuration menu.
Mar 24 09:09:30.052451 osdx OSDxCLI[2076]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---