Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX18YVlA9coS0FvABHvtRpKhXpL9R9vbJNQ4=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX18YVlA9coS0FiID0bGbQP76sr3OdF9KROY=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0 :

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1/FUBrluWaQ1L3Bnuo/KtPqJkHBLbTAMh8=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Apr 06 17:41:44.317833 osdx systemd-journald[1874]: Runtime Journal (/run/log/journal/293dc2aea1d64ce28b6190ec5d49ceb1) is 2.1M, max 13.8M, 11.6M free.
Apr 06 17:41:44.319644 osdx systemd-journald[1874]: Received client request to rotate journal, rotating.
Apr 06 17:41:44.319694 osdx systemd-journald[1874]: Vacuuming done, freed 0B of archived journals from /run/log/journal/293dc2aea1d64ce28b6190ec5d49ceb1.
Apr 06 17:41:44.329285 osdx OSDxCLI[96841]: User 'admin' executed a new command: 'system journal clear'.
Apr 06 17:41:44.549610 osdx OSDxCLI[96841]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 06 17:41:44.781329 osdx OSDxCLI[96841]: User 'admin' entered the configuration menu.
Apr 06 17:41:44.877696 osdx OSDxCLI[96841]: User 'admin' added a new cfg line: 'set system console log-level info'.
Apr 06 17:41:44.929303 osdx OSDxCLI[96841]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Apr 06 17:41:45.022588 osdx OSDxCLI[96841]: User 'admin' added a new cfg line: 'set system strong-password display'.
Apr 06 17:41:45.087677 osdx OSDxCLI[96841]: User 'admin' added a new cfg line: 'show working'.
Apr 06 17:41:45.176319 osdx ubnt-cfgd[102878]: inactive
Apr 06 17:41:45.191388 osdx INFO[102886]: FRR daemons did not change
Apr 06 17:41:45.192927 osdx modulelauncher[1488]: + Received data: ['96841', 'osdx.utils.xos', 'set_console_log_level', 'info']
Apr 06 17:41:45.212925 osdx OSDxCLI[96841]: Signal 10 received
Apr 06 17:41:45.237132 osdx cfgd[1668]: [96841]Completed change to active configuration
Apr 06 17:41:45.239355 osdx OSDxCLI[96841]: User 'admin' committed the configuration.
Apr 06 17:41:45.258587 osdx OSDxCLI[96841]: User 'admin' left the configuration menu.
Apr 06 17:41:45.435798 osdx OSDxCLI[96841]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Apr 06 17:41:45.436295 osdx OSDxCLI[96841]: pam_unix(cli:session): session closed for user admin
Apr 06 17:41:45.436500 osdx OSDxCLI[96841]: User 'admin' entered the configuration menu.
Apr 06 17:41:45.492542 osdx OSDxCLI[96841]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Apr 06 17:41:45.492796 osdx cfgd[1668]: Execute action [syntax] for node [system ntp authentication-key 1]
Apr 06 17:41:45.505117 osdx OSDxCLI[96841]: pam_unix(cli:session): session closed for user admin
Apr 06 17:41:45.505333 osdx OSDxCLI[96841]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'.
Apr 06 17:41:45.580592 osdx OSDxCLI[96841]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Apr 06 17:41:45.584639 osdx OSDxCLI[96841]: pam_unix(cli:session): session closed for user admin
Apr 06 17:41:45.584891 osdx OSDxCLI[96841]: User 'admin' added a new cfg line: 'show changes'.
Apr 06 17:41:45.634725 osdx OSDxCLI[96841]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Apr 06 17:41:45.641928 osdx ubnt-cfgd[102917]: inactive
Apr 06 17:41:45.653965 osdx cfgd[1668]: [96841]must validation for [system strong-password] was skipped
Apr 06 17:41:45.654044 osdx cfgd[1668]: [96841]must validation for [system login user admin role] was skipped
Apr 06 17:41:45.665480 osdx WARNING[102923]: Short keyboard patterns are easy to guess.
Apr 06 17:41:45.665522 osdx INFO[102923]: Suggestions:
Apr 06 17:41:45.665546 osdx INFO[102923]:   Add another word or two. Uncommon words are better.
Apr 06 17:41:45.665565 osdx INFO[102923]:   Use a longer keyboard pattern with more turns.
Apr 06 17:41:45.665581 osdx INFO[102923]: Crack times (passwords per time):
Apr 06 17:41:45.665600 osdx INFO[102923]:   100 per hour:              centuries
Apr 06 17:41:45.665617 osdx INFO[102923]:   10 per second:             3 months
Apr 06 17:41:45.665668 osdx INFO[102923]:   10.000 per second:         3 hours
Apr 06 17:41:45.665687 osdx INFO[102923]:   10.000.000.000 per second: less than a second
Apr 06 17:41:45.670104 osdx INFO[102925]: FRR daemons did not change
Apr 06 17:41:45.670285 osdx cfgd[1668]: Execute action [end] for node [system ntp]
Apr 06 17:41:45.711887 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Apr 06 17:41:45.717136 osdx ntpd[102932]: INIT: ntpd ntpsec-1.2.2+1-gc8a7dda: Starting
Apr 06 17:41:45.717152 osdx ntpd[102932]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Apr 06 17:41:45.717343 osdx ntp-systemd-wrapper[102932]: 2026-04-06T17:41:45 ntpd[102932]: INIT: ntpd ntpsec-1.2.2+1-gc8a7dda: Starting
Apr 06 17:41:45.717343 osdx ntp-systemd-wrapper[102932]: 2026-04-06T17:41:45 ntpd[102932]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Apr 06 17:41:45.717605 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Apr 06 17:41:45.718226 osdx cfgd[1668]: [96841]Completed change to active configuration
Apr 06 17:41:45.721317 osdx ntpd[102934]: INIT: precision = 0.135 usec (-23)
Apr 06 17:41:45.721710 osdx OSDxCLI[96841]: pam_unix(cli:session): session closed for user admin
Apr 06 17:41:45.722515 osdx OSDxCLI[96841]: User 'admin' committed the configuration.
Apr 06 17:41:45.722562 osdx ntpd[102934]: INIT: successfully locked into RAM
Apr 06 17:41:45.722589 osdx ntpd[102934]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Apr 06 17:41:45.722668 osdx ntpd[102934]: AUTH: authreadkeys: reading /etc/ntp.keys
Apr 06 17:41:45.723756 osdx ntpd[102934]: AUTH: authreadkeys: added 1 keys
Apr 06 17:41:45.723847 osdx ntpd[102934]: INIT: Using SO_TIMESTAMPNS(ns)
Apr 06 17:41:45.723876 osdx ntpd[102934]: IO: Listen and drop on 0 v6wildcard [::]:123
Apr 06 17:41:45.723905 osdx ntpd[102934]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Apr 06 17:41:45.724705 osdx ntpd[102934]: IO: Listen normally on 2 lo 127.0.0.1:123
Apr 06 17:41:45.724778 osdx ntpd[102934]: IO: Listen normally on 3 lo [::1]:123
Apr 06 17:41:45.724824 osdx ntpd[102934]: IO: Listening on routing socket on fd #20 for interface updates
Apr 06 17:41:45.724839 osdx ntpd[102934]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Apr 06 17:41:45.724949 osdx ntpd[102934]: INIT: Built with OpenSSL 3.0.14 4 Jun 2024, 300000e0
Apr 06 17:41:45.724956 osdx ntpd[102934]: INIT: Running with OpenSSL 3.0.17 1 Jul 2025, 30000110
Apr 06 17:41:45.726106 osdx ntpd[102934]: NTSc: Using system default root certificates.
Apr 06 17:41:45.758756 osdx OSDxCLI[96841]: User 'admin' left the configuration menu.
Apr 06 17:41:45.876915 osdx OSDxCLI[96841]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---