Issue

Description of problem: The error message "Password generation failed - required entropy too low for settings" is misleading. The actual behavior is, it generates password up-to 3 times. If none of them meet the criteria specified in pwquality.conf, it failed with above message. With above error message, system administrators will try to fiddle with entropy, but no avail. How about change error message to: Password generation failed - tried 3 times to meet the criteria in pwquality.conf Version-Release number of selected component (if applicable): 1.4.4-8 How reproducible: Whenever pwmake failed to generate password Steps to Reproduce: 1. Use the following pwquality.conf minlen = 15 ucredit = -1 dcredit = -1 maxclassrepeat = 4 minclass = 4 maxrepeat = 3 lcredit = -1 difok = 8 ocredit = -1 2. Run pwmake in loop, like for ((i=0;i<30;i++)); do pwmake 256 2>&1 >/dev/null ;done Actual results: Error: Password generation failed - required entropy too low for settings Expected results: Error: Password generation failed - tried 3 times to meet the criteria in pwquality.conf Additional info: For Systems that conform STIG V-230360 [1], pwmake cannot always generate passwords that fit the specification in pwquality.conf 1. https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2020-11-25/finding/V-230360

Release Notes

No. of Comments

Resolution

Won't Do