Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX19AQCPQ7uqLxYyCHm4xDDg7MuEw6wsC57w=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX19AQCPQ7uqLxcFsOsJKpciUt+GH1RDIwis=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0 :

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX19teOHrgBS6vWfzIrZWjeDxXzKBSm08TTc=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Jun 20 12:37:51.344407 osdx systemd-journald[1762]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.3M, max 15.3M, 13.0M free.
Jun 20 12:37:51.345240 osdx systemd-journald[1762]: Received client request to rotate journal, rotating.
Jun 20 12:37:51.345287 osdx systemd-journald[1762]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8.
Jun 20 12:37:51.358879 osdx OSDxCLI[126392]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 12:37:51.685469 osdx OSDxCLI[126392]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 20 12:37:52.059985 osdx OSDxCLI[126392]: User 'admin' entered the configuration menu.
Jun 20 12:37:52.141387 osdx OSDxCLI[126392]: User 'admin' added a new cfg line: 'set system console log-level info'.
Jun 20 12:37:52.280543 osdx OSDxCLI[126392]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Jun 20 12:37:52.413716 osdx OSDxCLI[126392]: User 'admin' added a new cfg line: 'set system strong-password display'.
Jun 20 12:37:52.552242 osdx OSDxCLI[126392]: User 'admin' added a new cfg line: 'show working'.
Jun 20 12:37:52.649185 osdx ubnt-cfgd[127907]: inactive
Jun 20 12:37:52.673276 osdx INFO[127915]: FRR daemons did not change
Jun 20 12:37:52.674359 osdx modulelauncher[1283]: + Received data: ['126392', 'osdx.utils.xos', 'set_console_log_level', 'info']
Jun 20 12:37:52.693040 osdx OSDxCLI[126392]: Signal 10 received
Jun 20 12:37:52.707847 osdx cfgd[1460]: [126392]Completed change to active configuration
Jun 20 12:37:52.710366 osdx OSDxCLI[126392]: User 'admin' committed the configuration.
Jun 20 12:37:52.746325 osdx OSDxCLI[126392]: User 'admin' left the configuration menu.
Jun 20 12:37:53.002596 osdx OSDxCLI[126392]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jun 20 12:37:53.003246 osdx OSDxCLI[126392]: pam_unix(cli:session): session closed for user admin
Jun 20 12:37:53.003619 osdx OSDxCLI[126392]: User 'admin' entered the configuration menu.
Jun 20 12:37:53.133683 osdx OSDxCLI[126392]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jun 20 12:37:53.134112 osdx cfgd[1460]: Execute action [syntax] for node [system ntp authentication-key 1]
Jun 20 12:37:53.154542 osdx OSDxCLI[126392]: pam_unix(cli:session): session closed for user admin
Jun 20 12:37:53.154958 osdx OSDxCLI[126392]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'.
Jun 20 12:37:53.253405 osdx OSDxCLI[126392]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jun 20 12:37:53.259584 osdx OSDxCLI[126392]: pam_unix(cli:session): session closed for user admin
Jun 20 12:37:53.259949 osdx OSDxCLI[126392]: User 'admin' added a new cfg line: 'show changes'.
Jun 20 12:37:53.376449 osdx OSDxCLI[126392]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jun 20 12:37:53.387797 osdx ubnt-cfgd[127941]: inactive
Jun 20 12:37:53.443199 osdx cfgd[1460]: [126392]must validation for [system strong-password] was skipped
Jun 20 12:37:53.443259 osdx cfgd[1460]: [126392]must validation for [system login user admin role] was skipped
Jun 20 12:37:53.455295 osdx WARNING[127947]: Short keyboard patterns are easy to guess.
Jun 20 12:37:53.455595 osdx INFO[127947]: Suggestions:
Jun 20 12:37:53.455663 osdx INFO[127947]:   Add another word or two. Uncommon words are better.
Jun 20 12:37:53.455712 osdx INFO[127947]:   Use a longer keyboard pattern with more turns.
Jun 20 12:37:53.455760 osdx INFO[127947]: Crack times (passwords per time):
Jun 20 12:37:53.455808 osdx INFO[127947]:   100 per hour:              centuries
Jun 20 12:37:53.455853 osdx INFO[127947]:   10 per second:             3 months
Jun 20 12:37:53.455924 osdx INFO[127947]:   10.000 per second:         3 hours
Jun 20 12:37:53.455971 osdx INFO[127947]:   10.000.000.000 per second: less than a second
Jun 20 12:37:53.460856 osdx INFO[127949]: FRR daemons did not change
Jun 20 12:37:53.461237 osdx cfgd[1460]: Execute action [end] for node [system ntp]
Jun 20 12:37:53.501595 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Jun 20 12:37:53.507047 osdx ntpd[127956]: INIT: ntpd ntpsec-1.2.2+1-gc8a7dda: Starting
Jun 20 12:37:53.507250 osdx ntp-systemd-wrapper[127956]: 2025-06-20T12:37:53 ntpd[127956]: INIT: ntpd ntpsec-1.2.2+1-gc8a7dda: Starting
Jun 20 12:37:53.507282 osdx ntpd[127956]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Jun 20 12:37:53.507308 osdx ntp-systemd-wrapper[127956]: 2025-06-20T12:37:53 ntpd[127956]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Jun 20 12:37:53.507808 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Jun 20 12:37:53.508651 osdx cfgd[1460]: [126392]Completed change to active configuration
Jun 20 12:37:53.510234 osdx OSDxCLI[126392]: pam_unix(cli:session): session closed for user admin
Jun 20 12:37:53.510443 osdx OSDxCLI[126392]: User 'admin' committed the configuration.
Jun 20 12:37:53.511765 osdx ntpd[127958]: INIT: precision = 0.052 usec (-24)
Jun 20 12:37:53.512211 osdx ntpd[127958]: INIT: successfully locked into RAM
Jun 20 12:37:53.512224 osdx ntpd[127958]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Jun 20 12:37:53.512251 osdx ntpd[127958]: AUTH: authreadkeys: reading /etc/ntp.keys
Jun 20 12:37:53.512378 osdx ntpd[127958]: AUTH: authreadkeys: added 1 keys
Jun 20 12:37:53.512412 osdx ntpd[127958]: INIT: Using SO_TIMESTAMPNS(ns)
Jun 20 12:37:53.512421 osdx ntpd[127958]: IO: Listen and drop on 0 v6wildcard [::]:123
Jun 20 12:37:53.512433 osdx ntpd[127958]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Jun 20 12:37:53.512777 osdx ntpd[127958]: IO: Listen normally on 2 lo 127.0.0.1:123
Jun 20 12:37:53.512790 osdx ntpd[127958]: IO: Listen normally on 3 lo [::1]:123
Jun 20 12:37:53.512806 osdx ntpd[127958]: IO: Listening on routing socket on fd #20 for interface updates
Jun 20 12:37:53.512811 osdx ntpd[127958]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Jun 20 12:37:53.512860 osdx ntpd[127958]: INIT: Built with OpenSSL 3.0.14 4 Jun 2024, 300000e0
Jun 20 12:37:53.512862 osdx ntpd[127958]: INIT: Running with OpenSSL 3.0.16 11 Feb 2025, 30000100
Jun 20 12:37:53.513284 osdx ntpd[127958]: NTSc: Using system default root certificates.
Jun 20 12:37:53.537668 osdx OSDxCLI[126392]: User 'admin' left the configuration menu.
Jun 20 12:37:53.666054 osdx OSDxCLI[126392]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---