Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX19qXb2GrrbkJQbzP7CfYARx9IdU5569eDc=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX19qXb2GrrbkJewusaJC7InFi20v0D9EQz4=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0 :

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX18lsYYvxQGq7ADcbY6fuX3QxndBhJLSzFc=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Oct 20 14:57:05.302850 osdx systemd-journald[1859]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 2.1M, max 13.8M, 11.6M free.
Oct 20 14:57:05.304996 osdx systemd-journald[1859]: Received client request to rotate journal, rotating.
Oct 20 14:57:05.305048 osdx systemd-journald[1859]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 14:57:05.313291 osdx OSDxCLI[191655]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 14:57:05.527689 osdx OSDxCLI[191655]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 14:57:05.751246 osdx OSDxCLI[191655]: User 'admin' entered the configuration menu.
Oct 20 14:57:05.809517 osdx OSDxCLI[191655]: User 'admin' added a new cfg line: 'set system console log-level info'.
Oct 20 14:57:05.905756 osdx OSDxCLI[191655]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Oct 20 14:57:05.962400 osdx OSDxCLI[191655]: User 'admin' added a new cfg line: 'set system strong-password display'.
Oct 20 14:57:06.068134 osdx OSDxCLI[191655]: User 'admin' added a new cfg line: 'show working'.
Oct 20 14:57:06.124916 osdx ubnt-cfgd[195544]: inactive
Oct 20 14:57:06.142336 osdx INFO[195552]: FRR daemons did not change
Oct 20 14:57:06.143517 osdx modulelauncher[1477]: + Received data: ['191655', 'osdx.utils.xos', 'set_console_log_level', 'info']
Oct 20 14:57:06.163818 osdx OSDxCLI[191655]: Signal 10 received
Oct 20 14:57:06.175273 osdx cfgd[1655]: [191655]Completed change to active configuration
Oct 20 14:57:06.177404 osdx OSDxCLI[191655]: User 'admin' committed the configuration.
Oct 20 14:57:06.195296 osdx OSDxCLI[191655]: User 'admin' left the configuration menu.
Oct 20 14:57:06.358317 osdx OSDxCLI[191655]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Oct 20 14:57:06.358911 osdx OSDxCLI[191655]: pam_unix(cli:session): session closed for user admin
Oct 20 14:57:06.359311 osdx OSDxCLI[191655]: User 'admin' entered the configuration menu.
Oct 20 14:57:06.415814 osdx OSDxCLI[191655]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Oct 20 14:57:06.416162 osdx cfgd[1655]: Execute action [syntax] for node [system ntp authentication-key 1]
Oct 20 14:57:06.450231 osdx OSDxCLI[191655]: pam_unix(cli:session): session closed for user admin
Oct 20 14:57:06.450574 osdx OSDxCLI[191655]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'.
Oct 20 14:57:06.509936 osdx OSDxCLI[191655]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Oct 20 14:57:06.513514 osdx OSDxCLI[191655]: pam_unix(cli:session): session closed for user admin
Oct 20 14:57:06.513745 osdx OSDxCLI[191655]: User 'admin' added a new cfg line: 'show changes'.
Oct 20 14:57:06.606942 osdx OSDxCLI[191655]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Oct 20 14:57:06.615271 osdx ubnt-cfgd[195578]: inactive
Oct 20 14:57:06.624720 osdx cfgd[1655]: [191655]must validation for [system strong-password] was skipped
Oct 20 14:57:06.624770 osdx cfgd[1655]: [191655]must validation for [system login user admin role] was skipped
Oct 20 14:57:06.636313 osdx WARNING[195584]: Short keyboard patterns are easy to guess.
Oct 20 14:57:06.636543 osdx INFO[195584]: Suggestions:
Oct 20 14:57:06.636601 osdx INFO[195584]:   Add another word or two. Uncommon words are better.
Oct 20 14:57:06.636646 osdx INFO[195584]:   Use a longer keyboard pattern with more turns.
Oct 20 14:57:06.636688 osdx INFO[195584]: Crack times (passwords per time):
Oct 20 14:57:06.636732 osdx INFO[195584]:   100 per hour:              centuries
Oct 20 14:57:06.636776 osdx INFO[195584]:   10 per second:             3 months
Oct 20 14:57:06.636844 osdx INFO[195584]:   10.000 per second:         3 hours
Oct 20 14:57:06.636888 osdx INFO[195584]:   10.000.000.000 per second: less than a second
Oct 20 14:57:06.641008 osdx INFO[195586]: FRR daemons did not change
Oct 20 14:57:06.641347 osdx cfgd[1655]: Execute action [end] for node [system ntp]
Oct 20 14:57:06.681259 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Oct 20 14:57:06.686471 osdx ntpd[195593]: INIT: ntpd ntpsec-1.2.2+1-gc8a7dda: Starting
Oct 20 14:57:06.686641 osdx ntp-systemd-wrapper[195593]: 2025-10-20T14:57:06 ntpd[195593]: INIT: ntpd ntpsec-1.2.2+1-gc8a7dda: Starting
Oct 20 14:57:06.686671 osdx ntpd[195593]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Oct 20 14:57:06.686702 osdx ntp-systemd-wrapper[195593]: 2025-10-20T14:57:06 ntpd[195593]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Oct 20 14:57:06.687189 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Oct 20 14:57:06.688179 osdx cfgd[1655]: [191655]Completed change to active configuration
Oct 20 14:57:06.689638 osdx OSDxCLI[191655]: pam_unix(cli:session): session closed for user admin
Oct 20 14:57:06.689870 osdx OSDxCLI[191655]: User 'admin' committed the configuration.
Oct 20 14:57:06.691315 osdx ntpd[195595]: INIT: precision = 0.086 usec (-23)
Oct 20 14:57:06.691950 osdx ntpd[195595]: INIT: successfully locked into RAM
Oct 20 14:57:06.691963 osdx ntpd[195595]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Oct 20 14:57:06.691999 osdx ntpd[195595]: AUTH: authreadkeys: reading /etc/ntp.keys
Oct 20 14:57:06.692188 osdx ntpd[195595]: AUTH: authreadkeys: added 1 keys
Oct 20 14:57:06.692230 osdx ntpd[195595]: INIT: Using SO_TIMESTAMPNS(ns)
Oct 20 14:57:06.692241 osdx ntpd[195595]: IO: Listen and drop on 0 v6wildcard [::]:123
Oct 20 14:57:06.692255 osdx ntpd[195595]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Oct 20 14:57:06.692834 osdx ntpd[195595]: IO: Listen normally on 2 lo 127.0.0.1:123
Oct 20 14:57:06.692852 osdx ntpd[195595]: IO: Listen normally on 3 lo [::1]:123
Oct 20 14:57:06.692870 osdx ntpd[195595]: IO: Listening on routing socket on fd #20 for interface updates
Oct 20 14:57:06.692877 osdx ntpd[195595]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Oct 20 14:57:06.692936 osdx ntpd[195595]: INIT: Built with OpenSSL 3.0.14 4 Jun 2024, 300000e0
Oct 20 14:57:06.692939 osdx ntpd[195595]: INIT: Running with OpenSSL 3.0.16 11 Feb 2025, 30000100
Oct 20 14:57:06.693533 osdx ntpd[195595]: NTSc: Using system default root certificates.
Oct 20 14:57:06.722434 osdx OSDxCLI[191655]: User 'admin' left the configuration menu.
Oct 20 14:57:06.846801 osdx OSDxCLI[191655]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---