Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX190nJ51A0bAo+2ysxQuSCLF7idtZUgMnv0=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX190nJ51A0bAoxZg3Gy0qtbg82dRWPf2fzs=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0 :

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1886pqfUErn458EgO2W0Hqi8tqOAsSnbpo=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Sep 05 14:05:48.302011 osdx systemd-journald[132215]: Runtime Journal (/run/log/journal/277fa7f754984f629482974adff2eda9) is 2.2M, max 13.8M, 11.5M free.
Sep 05 14:05:48.303626 osdx systemd-journald[132215]: Received client request to rotate journal, rotating.
Sep 05 14:05:48.303673 osdx systemd-journald[132215]: Vacuuming done, freed 0B of archived journals from /run/log/journal/277fa7f754984f629482974adff2eda9.
Sep 05 14:05:48.305979 osdx sudo[134986]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Sep 05 14:05:48.312200 osdx OSDxCLI[132067]: User 'admin' executed a new command: 'system journal clear'.
Sep 05 14:05:48.520704 osdx OSDxCLI[132067]: User 'admin' executed a new command: 'system coredump delete all'.
Sep 05 14:05:48.762750 osdx OSDxCLI[132067]: User 'admin' entered the configuration menu.
Sep 05 14:05:48.834578 osdx OSDxCLI[132067]: User 'admin' added a new cfg line: 'set system console log-level info'.
Sep 05 14:05:48.947829 osdx OSDxCLI[132067]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Sep 05 14:05:49.026318 osdx OSDxCLI[132067]: User 'admin' added a new cfg line: 'set system strong-password display'.
Sep 05 14:05:49.136991 osdx OSDxCLI[132067]: User 'admin' added a new cfg line: 'show working'.
Sep 05 14:05:49.210897 osdx ubnt-cfgd[135008]: inactive
Sep 05 14:05:49.229411 osdx INFO[135016]: FRR daemons did not change
Sep 05 14:05:49.230208 osdx modulelauncher[1286]: + Received data: ['132067', 'osdx.utils.xos', 'set_console_log_level', 'info']
Sep 05 14:05:49.250048 osdx OSDxCLI[132067]: Signal 10 received
Sep 05 14:05:49.264220 osdx cfgd[1463]: [132067]Completed change to active configuration
Sep 05 14:05:49.265933 osdx OSDxCLI[132067]: User 'admin' committed the configuration.
Sep 05 14:05:49.296293 osdx OSDxCLI[132067]: User 'admin' left the configuration menu.
Sep 05 14:05:49.485213 osdx OSDxCLI[132067]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Sep 05 14:05:49.485767 osdx OSDxCLI[132067]: pam_unix(cli:session): session closed for user admin
Sep 05 14:05:49.486014 osdx OSDxCLI[132067]: User 'admin' entered the configuration menu.
Sep 05 14:05:49.544245 osdx OSDxCLI[132067]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Sep 05 14:05:49.544538 osdx cfgd[1463]: Execute action [syntax] for node [system ntp authentication-key 1]
Sep 05 14:05:49.557277 osdx OSDxCLI[132067]: pam_unix(cli:session): session closed for user admin
Sep 05 14:05:49.557634 osdx OSDxCLI[132067]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'.
Sep 05 14:05:49.633928 osdx OSDxCLI[132067]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Sep 05 14:05:49.642209 osdx OSDxCLI[132067]: pam_unix(cli:session): session closed for user admin
Sep 05 14:05:49.642579 osdx OSDxCLI[132067]: User 'admin' added a new cfg line: 'show changes'.
Sep 05 14:05:49.696404 osdx OSDxCLI[132067]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Sep 05 14:05:49.705230 osdx ubnt-cfgd[135042]: inactive
Sep 05 14:05:49.715794 osdx cfgd[1463]: [132067]must validation for [system strong-password] was skipped
Sep 05 14:05:49.715847 osdx cfgd[1463]: [132067]must validation for [system login user admin role] was skipped
Sep 05 14:05:49.727590 osdx WARNING[135048]: Short keyboard patterns are easy to guess.
Sep 05 14:05:49.727905 osdx INFO[135048]: Suggestions:
Sep 05 14:05:49.727985 osdx INFO[135048]:   Add another word or two. Uncommon words are better.
Sep 05 14:05:49.728040 osdx INFO[135048]:   Use a longer keyboard pattern with more turns.
Sep 05 14:05:49.728084 osdx INFO[135048]: Crack times (passwords per time):
Sep 05 14:05:49.728130 osdx INFO[135048]:   100 per hour:              centuries
Sep 05 14:05:49.728171 osdx INFO[135048]:   10 per second:             3 months
Sep 05 14:05:49.728254 osdx INFO[135048]:   10.000 per second:         3 hours
Sep 05 14:05:49.728299 osdx INFO[135048]:   10.000.000.000 per second: less than a second
Sep 05 14:05:49.732708 osdx INFO[135050]: FRR daemons did not change
Sep 05 14:05:49.733052 osdx cfgd[1463]: Execute action [end] for node [system ntp]
Sep 05 14:05:49.775982 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Sep 05 14:05:49.781545 osdx ntpd[135057]: INIT: ntpd ntpsec-1.2.2+1-gc8a7dda: Starting
Sep 05 14:05:49.781717 osdx ntp-systemd-wrapper[135057]: 2025-09-05T14:05:49 ntpd[135057]: INIT: ntpd ntpsec-1.2.2+1-gc8a7dda: Starting
Sep 05 14:05:49.781750 osdx ntpd[135057]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Sep 05 14:05:49.781781 osdx ntp-systemd-wrapper[135057]: 2025-09-05T14:05:49 ntpd[135057]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Sep 05 14:05:49.782437 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Sep 05 14:05:49.783195 osdx cfgd[1463]: [132067]Completed change to active configuration
Sep 05 14:05:49.784920 osdx OSDxCLI[132067]: pam_unix(cli:session): session closed for user admin
Sep 05 14:05:49.785147 osdx OSDxCLI[132067]: User 'admin' committed the configuration.
Sep 05 14:05:49.785386 osdx ntpd[135059]: INIT: precision = 0.051 usec (-24)
Sep 05 14:05:49.785891 osdx ntpd[135059]: INIT: successfully locked into RAM
Sep 05 14:05:49.785907 osdx ntpd[135059]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Sep 05 14:05:49.785942 osdx ntpd[135059]: AUTH: authreadkeys: reading /etc/ntp.keys
Sep 05 14:05:49.786125 osdx ntpd[135059]: AUTH: authreadkeys: added 1 keys
Sep 05 14:05:49.786170 osdx ntpd[135059]: INIT: Using SO_TIMESTAMPNS(ns)
Sep 05 14:05:49.786188 osdx ntpd[135059]: IO: Listen and drop on 0 v6wildcard [::]:123
Sep 05 14:05:49.786203 osdx ntpd[135059]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Sep 05 14:05:49.786674 osdx ntpd[135059]: IO: Listen normally on 2 lo 127.0.0.1:123
Sep 05 14:05:49.786698 osdx ntpd[135059]: IO: Listen normally on 3 lo [::1]:123
Sep 05 14:05:49.786723 osdx ntpd[135059]: IO: Listening on routing socket on fd #20 for interface updates
Sep 05 14:05:49.786731 osdx ntpd[135059]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Sep 05 14:05:49.786788 osdx ntpd[135059]: INIT: Built with OpenSSL 3.0.14 4 Jun 2024, 300000e0
Sep 05 14:05:49.786794 osdx ntpd[135059]: INIT: Running with OpenSSL 3.0.16 11 Feb 2025, 30000100
Sep 05 14:05:49.787325 osdx ntpd[135059]: NTSc: Using system default root certificates.
Sep 05 14:05:49.802094 osdx OSDxCLI[132067]: User 'admin' left the configuration menu.
Sep 05 14:05:49.934674 osdx OSDxCLI[132067]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---