RHEL-5291

misleading error message "Password generation failed - required entropy too low for settings"



      Description of problem:

      The error message "Password generation failed - required entropy too low for settings" is misleading.

      The actual behavior is that it generates a password up to 3 times. If none of them meets the criteria specified in pwquality.conf, it fails with the above message.

      With the above error message, system administrators will try to fiddle with entropy, but to no avail.

      How about changing the error message to:

      Password generation failed - tried 3 times to meet the criteria in pwquality.conf

      Version-Release number of selected component (if applicable):

      1.4.4-8

      How reproducible:

      Whenever pwmake fails to generate a password

      Steps to Reproduce:
      1. Use the following pwquality.conf

      minlen = 15
      ucredit = -1
      dcredit = -1
      maxclassrepeat = 4
      minclass = 4
      maxrepeat = 3
      lcredit = -1
      difok = 8
      ocredit = -1

      2. Run pwmake in a loop, like

      for ((i=0;i<30;i++)); do pwmake 256 2>&1 >/dev/null ;done

      Actual results:

      Error: Password generation failed - required entropy too low for settings

      Expected results:

      Error: Password generation failed - tried 3 times to meet the criteria in pwquality.conf

      Additional info:

      For systems that conform to STIG V-230360 [1], pwmake cannot always generate passwords that fit the specification in pwquality.conf

      1. https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2020-11-25/finding/V-230360
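
The generate-then-check loop this report describes, as an added Python sketch (not pwmake or libpwquality code): it checks a candidate against the structural settings of the pwquality.conf above and gives up after 3 tries. Assumptions: the uniform random generator stands in for pwmake's real one, only the listed settings are modelled (no dictionary or `difok` check), and all function names are hypothetical.

```python
import secrets
import string
from itertools import groupby

# Structural rules from the pwquality.conf in the report. difok is left out:
# it compares against an old password, which a generator does not have.
MINLEN, MINCLASS, MAXREPEAT, MAXCLASSREPEAT = 15, 4, 3, 4
REQUIRED = {"lower": "lcredit", "upper": "ucredit",
            "digit": "dcredit", "other": "ocredit"}  # each credit is -1
CLASSES = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
           "digit": string.digits}

def char_class(ch):
    return next((n for n, chars in CLASSES.items() if ch in chars), "other")

def longest_run(items):
    """Length of the longest run of equal consecutive items."""
    return max((len(list(g)) for _, g in groupby(items)), default=0)

def violations(pw):
    """Names of the pwquality.conf settings that pw breaks (subset modelled here)."""
    classes = [char_class(c) for c in pw]
    found = ["minlen"] if len(pw) < MINLEN else []
    found += [key for cls, key in REQUIRED.items() if cls not in classes]
    if len(set(classes)) < MINCLASS:
        found.append("minclass")
    if longest_run(pw) > MAXREPEAT:
        found.append("maxrepeat")
    if longest_run(classes) > MAXCLASSREPEAT:
        found.append("maxclassrepeat")
    return found

def random_candidate(length=40):
    # Assumption: uniform printable ASCII, not pwmake's real generator.
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def generate(make=random_candidate, tries=3):
    """Return (password, []) on success, or (None, violations per try)."""
    failures = []
    for _ in range(tries):
        pw = make()
        bad = violations(pw)
        if not bad:
            return pw, []
        failures.append(bad)
    return None, failures
```

In this model a larger `length` gives more positions where a five-character same-class run can occur, so a candidate with more random bits is no more likely to pass the policy.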

              dbelyavs@redhat.com Dmitry Belyavskiy
              rhn-support-dchen Ding Yi Chen
              Dmitry Belyavskiy Dmitry Belyavskiy
              SSG Security QE SSG Security QE