Bug 2207479 - misleading error message "Password generation failed - required entropy too low for settings"
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: libpwquality
Version: 9.1
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Assignee: Dmitry Belyavskiy
QA Contact: BaseOS QE Security Team
Reported: 2023-05-16 05:11 UTC by Ding-Yi Chen
Modified: 2023-07-21 23:16 UTC

Type: Bug
Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Issue Tracker | CRYPTO-10675 | 0 | None | None | None | 2023-05-23 14:46:14 UTC
Red Hat Issue Tracker | RHELPLAN-157298 | 0 | None | None | None | 2023-05-16 05:13:09 UTC

Description Ding-Yi Chen 2023-05-16 05:11:15 UTC
Description of problem:

The error message "Password generation failed - required entropy too low for settings" is misleading.

The actual behavior is that it generates a password up to 3 times. If none of them meets the criteria specified in pwquality.conf, it fails with the above message.

With the above error message, system administrators will try to fiddle with entropy, but to no avail.

How about changing the error message to:

Password generation failed - tried 3 times to meet the criteria in pwquality.conf


Version-Release number of selected component (if applicable):

1.4.4-8

How reproducible:

Whenever pwmake fails to generate a password

Steps to Reproduce:
1. Use the following pwquality.conf

  minlen = 15
  ucredit = -1
  dcredit = -1
  maxclassrepeat = 4
  minclass = 4
  maxrepeat = 3
  lcredit = -1
  difok = 8
  ocredit = -1


2. Run pwmake in a loop, like

 for ((i=0;i<30;i++)); do pwmake 256  2>&1 >/dev/null  ;done
 

Actual results:

Error: Password generation failed - required entropy too low for settings


Expected results:

Error: Password generation failed - tried 3 times to meet the criteria in pwquality.conf


Additional info:

For systems that conform to STIG V-230360 [1], pwmake cannot always generate passwords that fit the specification in pwquality.conf.

1. https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2020-11-25/finding/V-230360
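
The retry behaviour described in this report, as an added example (not libpwquality's code): a checker for the settings in the pwquality.conf above, wrapped in a 3-try generator. The uniform-random generator, the length of 40 and all helper names are assumptions, so the count it returns illustrates the mechanism, not pwmake's actual failure rate.

```python
import random
import string
from itertools import groupby

# Values copied from the pwquality.conf in the report. difok is left out: it
# compares against a previous password, which a generator does not have.
POLICY = {"minlen": 15, "minclass": 4, "maxrepeat": 3, "maxclassrepeat": 4,
          "dcredit": -1, "ucredit": -1, "lcredit": -1, "ocredit": -1}
CREDIT_CLASS = {"dcredit": "d", "ucredit": "u", "lcredit": "l", "ocredit": "o"}

def char_class(c):
    # digit, upper, lower, or "other" (everything else)
    return "d" if c.isdigit() else "u" if c.isupper() else "l" if c.islower() else "o"

def longest_run(items):
    """Length of the longest run of equal consecutive items."""
    return max((len(list(group)) for _, group in groupby(items)), default=0)

def violations(pw, policy=POLICY):
    """Names of the policy settings that pw fails (empty list means accepted)."""
    classes = [char_class(c) for c in pw]
    failed = []
    if len(pw) < policy["minlen"]:  # all credits are negative: no length bonus
        failed.append("minlen")
    if len(set(classes)) < policy["minclass"]:
        failed.append("minclass")
    # A negative credit means "at least that many characters of this class".
    failed += [key for key, cls in CREDIT_CLASS.items()
               if policy[key] < 0 and classes.count(cls) < -policy[key]]
    if longest_run(pw) > policy["maxrepeat"]:
        failed.append("maxrepeat")
    if longest_run(classes) > policy["maxclassrepeat"]:
        failed.append("maxclassrepeat")
    return failed

def generate_with_retries(rng, length=40, tries=3):
    """Uniform-random stand-in, NOT pwmake's algorithm: (password or None, rejects)."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    rejected = []
    for _ in range(tries):
        pw = "".join(rng.choice(alphabet) for _ in range(length))
        failed = violations(pw)
        if not failed:
            return pw, rejected
        rejected.append(failed)  # record which settings caused the rejection
    return None, rejected

def exhausted_runs(runs, seed):
    """Count runs where every try was rejected, the case that ends in the error."""
    rng = random.Random(seed)
    return sum(generate_with_retries(rng)[0] is None for _ in range(runs))
```

The per-attempt lists returned by `generate_with_retries` name the settings that caused each rejection, which is the information the current error message leaves out.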

