Add test for password authentication
bgilbert opened this issue · 3 comments
Add a test that provisions a user password via Ignition (replicating docs) and checks that the password works for local login. (We should be able to do that from the command line, without adding new functionality to kola.)
Perhaps we should also test that the passwd command creates a yescrypt password hash (i.e., one starting with $y$).
Add a test that provisions a user password via Ignition (replicating docs) and checks that the password works for local login.
This particular part might be a bit tricky if we want to test SSH with password. AFAIU we'd need the sshpass utility. Maybe just verifying via a local su - is enough?
something like: echo 'mypassword' | sudo --stdin -u testuser id
I was thinking we'd primarily want to test local login, but it probably wouldn't hurt to test SSH for people who want to enable that. For the latter, we could add an internal kola test that uses SSHAgent.NewPasswordClient().
That sudo command will check the password for the core user, not testuser. And since core is in the sudo group, we won't get a password prompt by default. echo password | setsid su - testuser should work. (su falls back to stdin if there's no controlling terminal, and setsid ensures there isn't one.)
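
The two checks discussed in this issue, sketched as an added example that is not part of the original thread or of the project's tests: classifying a shadow(5) entry by its hash prefix (generalized beyond `$y$` to the other common crypt(5) prefixes) and wrapping the `setsid su -` login check. The function names, the `--wait` and `-c true` additions, and the sample entries are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the hash scheme of the password field (field 2) of a shadow(5) line.
hash_scheme() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')              echo empty ;;
        '!'*|'*'*)       echo locked ;;       # no usable password
        '$y$'*)          echo yescrypt ;;     # the prefix named in the issue
        '$6$'*)          echo sha512crypt ;;
        '$5$'*)          echo sha256crypt ;;
        '$2'[abxy]'$'*)  echo bcrypt ;;
        '$1$'*)          echo md5crypt ;;
        *)               echo unknown ;;
    esac
}

# Succeed only if USER ($1) has a yescrypt hash in shadow file ($2).
user_has_yescrypt() {
    line=$(awk -F: -v u="$1" '$1 == u' "$2")
    [ -n "$line" ] || return 2               # user not present
    [ "$(hash_scheme "$line")" = yescrypt ]
}

# Local login check from the thread: no controlling terminal, so su reads
# the password from stdin. Needs a real user; not run by the demo below.
# --wait and -c true are additions here so the exit status is usable.
password_works() {
    printf '%s\n' "$2" | setsid --wait su - "$1" -c true
}

# Constructed sample entries (salts and hashes are placeholders, not real).
sample_shadow() {
    cat <<'EOF'
core:*:19000:0:99999:7:::
testuser:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
legacy:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
EOF
}

# Demo: report the scheme for each constructed entry.
sample_shadow | while IFS= read -r entry; do
    printf '%s: %s\n' "${entry%%:*}" "$(hash_scheme "$entry")"
done
```

On a provisioned host the same functions would be pointed at `/etc/shadow` as root after running `passwd`, followed by `password_works testuser <password>`.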