Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX1/+r6vD3xP9+H9kosr1kYpKwMuoX9o9QIA=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1/+r6vD3xP9+BpW5dLRusy0vOPlbms+TGE=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0 :

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0 :

set system ntp authentication-key 1 encrypted-key U2FsdGVkX18QSICxDH4SWdoWyrA1EEGYwJX5sD0pWhI=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Dec 11 15:08:40.353459 osdx systemd-journald[1970]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 2.1M, max 13.8M, 11.6M free.
Dec 11 15:08:40.356575 osdx systemd-journald[1970]: Received client request to rotate journal, rotating.
Dec 11 15:08:40.356648 osdx systemd-journald[1970]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9.
Dec 11 15:08:40.363416 osdx OSDxCLI[134803]: User 'admin' executed a new command: 'system journal clear'.
Dec 11 15:08:40.658338 osdx OSDxCLI[134803]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 11 15:08:40.980180 osdx OSDxCLI[134803]: User 'admin' entered the configuration menu.
Dec 11 15:08:41.100673 osdx OSDxCLI[134803]: User 'admin' added a new cfg line: 'set system console log-level info'.
Dec 11 15:08:41.215542 osdx OSDxCLI[134803]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Dec 11 15:08:41.315863 osdx OSDxCLI[134803]: User 'admin' added a new cfg line: 'set system strong-password display'.
Dec 11 15:08:41.402151 osdx OSDxCLI[134803]: User 'admin' added a new cfg line: 'show working'.
Dec 11 15:08:41.495842 osdx ubnt-cfgd[136545]: inactive
Dec 11 15:08:41.514979 osdx INFO[136553]: FRR daemons did not change
Dec 11 15:08:41.516787 osdx modulelauncher[1456]: + Received data: ['134803', 'osdx.utils.xos', 'set_console_log_level', 'info']
Dec 11 15:08:41.536002 osdx OSDxCLI[134803]: Signal 10 received
Dec 11 15:08:41.561568 osdx cfgd[1647]: [134803]Completed change to active configuration
Dec 11 15:08:41.563647 osdx OSDxCLI[134803]: User 'admin' committed the configuration.
Dec 11 15:08:41.581925 osdx OSDxCLI[134803]: User 'admin' left the configuration menu.
Dec 11 15:08:41.761092 osdx OSDxCLI[134803]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Dec 11 15:08:41.761635 osdx OSDxCLI[134803]: pam_unix(cli:session): session closed for user admin
Dec 11 15:08:41.761913 osdx OSDxCLI[134803]: User 'admin' entered the configuration menu.
Dec 11 15:08:41.831648 osdx OSDxCLI[134803]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Dec 11 15:08:41.831890 osdx cfgd[1647]: Execute action [syntax] for node [system ntp authentication-key 1]
Dec 11 15:08:41.850529 osdx OSDxCLI[134803]: pam_unix(cli:session): session closed for user admin
Dec 11 15:08:41.850759 osdx OSDxCLI[134803]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 ******'.
Dec 11 15:08:41.931100 osdx OSDxCLI[134803]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Dec 11 15:08:41.936292 osdx OSDxCLI[134803]: pam_unix(cli:session): session closed for user admin
Dec 11 15:08:41.936515 osdx OSDxCLI[134803]: User 'admin' added a new cfg line: 'show changes'.
Dec 11 15:08:42.007215 osdx OSDxCLI[134803]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Dec 11 15:08:42.014548 osdx ubnt-cfgd[136584]: inactive
Dec 11 15:08:42.026173 osdx cfgd[1647]: [134803]must validation for [system strong-password] was skipped
Dec 11 15:08:42.026229 osdx cfgd[1647]: [134803]must validation for [system login user admin role] was skipped
Dec 11 15:08:42.045293 osdx WARNING[136590]: Short keyboard patterns are easy to guess.
Dec 11 15:08:42.045347 osdx INFO[136590]: Suggestions:
Dec 11 15:08:42.045383 osdx INFO[136590]:   Add another word or two. Uncommon words are better.
Dec 11 15:08:42.045408 osdx INFO[136590]:   Use a longer keyboard pattern with more turns.
Dec 11 15:08:42.045430 osdx INFO[136590]: Crack times (passwords per time):
Dec 11 15:08:42.045451 osdx INFO[136590]:   100 per hour:              centuries
Dec 11 15:08:42.045474 osdx INFO[136590]:   10 per second:             3 months
Dec 11 15:08:42.045529 osdx INFO[136590]:   10.000 per second:         3 hours
Dec 11 15:08:42.045554 osdx INFO[136590]:   10.000.000.000 per second: less than a second
Dec 11 15:08:42.049645 osdx INFO[136592]: FRR daemons did not change
Dec 11 15:08:42.049831 osdx cfgd[1647]: Execute action [end] for node [system ntp]
Dec 11 15:08:42.084908 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Dec 11 15:08:42.090327 osdx ntpd[136599]: INIT: ntpd ntpsec-1.2.2+1-gc8a7dda: Starting
Dec 11 15:08:42.090348 osdx ntpd[136599]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Dec 11 15:08:42.090609 osdx ntp-systemd-wrapper[136599]: 2025-12-11T15:08:42 ntpd[136599]: INIT: ntpd ntpsec-1.2.2+1-gc8a7dda: Starting
Dec 11 15:08:42.090609 osdx ntp-systemd-wrapper[136599]: 2025-12-11T15:08:42 ntpd[136599]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Dec 11 15:08:42.090977 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Dec 11 15:08:42.091827 osdx cfgd[1647]: [134803]Completed change to active configuration
Dec 11 15:08:42.093347 osdx ntpd[136601]: INIT: precision = 0.066 usec (-24)
Dec 11 15:08:42.093680 osdx OSDxCLI[134803]: pam_unix(cli:session): session closed for user admin
Dec 11 15:08:42.093887 osdx OSDxCLI[134803]: User 'admin' committed the configuration.
Dec 11 15:08:42.093899 osdx ntpd[136601]: INIT: successfully locked into RAM
Dec 11 15:08:42.093912 osdx ntpd[136601]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Dec 11 15:08:42.094128 osdx ntpd[136601]: AUTH: authreadkeys: reading /etc/ntp.keys
Dec 11 15:08:42.094313 osdx ntpd[136601]: AUTH: authreadkeys: added 1 keys
Dec 11 15:08:42.094365 osdx ntpd[136601]: INIT: Using SO_TIMESTAMPNS(ns)
Dec 11 15:08:42.094381 osdx ntpd[136601]: IO: Listen and drop on 0 v6wildcard [::]:123
Dec 11 15:08:42.094395 osdx ntpd[136601]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Dec 11 15:08:42.094818 osdx ntpd[136601]: IO: Listen normally on 2 lo 127.0.0.1:123
Dec 11 15:08:42.094839 osdx ntpd[136601]: IO: Listen normally on 3 lo [::1]:123
Dec 11 15:08:42.094857 osdx ntpd[136601]: IO: Listening on routing socket on fd #20 for interface updates
Dec 11 15:08:42.094864 osdx ntpd[136601]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Dec 11 15:08:42.094919 osdx ntpd[136601]: INIT: Built with OpenSSL 3.0.14 4 Jun 2024, 300000e0
Dec 11 15:08:42.094921 osdx ntpd[136601]: INIT: Running with OpenSSL 3.0.17 1 Jul 2025, 30000110
Dec 11 15:08:42.095435 osdx ntpd[136601]: NTSc: Using system default root certificates.
Dec 11 15:08:42.111486 osdx OSDxCLI[134803]: User 'admin' left the configuration menu.
Dec 11 15:08:42.240586 osdx OSDxCLI[134803]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---