Issue
Description of problem:
The error message "Password generation failed - required entropy too low for settings" is misleading.
The actual behavior is, it generates password up-to 3 times. If none of them meet the criteria specified in pwquality.conf, it failed with above message.
With above error message, system administrators will try to fiddle with entropy, but no avail.
How about change error message to:
Password generation failed - tried 3 times to meet the criteria in pwquality.conf
Version-Release number of selected component (if applicable):
1.4.4-8
How reproducible:
Whenever pwmake failed to generate password
Steps to Reproduce:
1. Use the following pwquality.conf
minlen = 15
ucredit = -1
dcredit = -1
maxclassrepeat = 4
minclass = 4
maxrepeat = 3
lcredit = -1
difok = 8
ocredit = -1
2. Run pwmake in loop, like
for ((i=0;i<30;i++)); do pwmake 256 2>&1 >/dev/null ;done
Actual results:
Error: Password generation failed - required entropy too low for settings
Expected results:
Error: Password generation failed - tried 3 times to meet the criteria in pwquality.conf
Additional info:
For Systems that conform STIG V-230360 [1], pwmake cannot always generate passwords that fit the specification in pwquality.conf
1. https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2020-11-25/finding/V-230360
