s4-kdc: Improve grammer and clarity of password change failure messages.

This can still be improved further, but avoid mentioning reasons that
clearly do not apply in this case.

Andrew Bartlett

1 files changed, 3 insertions, 4 deletions

diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index c05ea82318..5558794df0 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -112,19 +112,18 @@ static bool kpasswd_make_pwchange_reply(struct kdc_server *kdc,
 		const char *reject_string;
 		switch (reject_reason) {
 		case SAM_PWD_CHANGE_PASSWORD_TOO_SHORT:
-			reject_string = talloc_asprintf(mem_ctx, "Password too short, password must be at least %d characters long",
+			reject_string = talloc_asprintf(mem_ctx, "Password too short, password must be at least %d characters long.",
 							dominfo->min_password_length);
 			break;
 		case SAM_PWD_CHANGE_NOT_COMPLEX:
 			reject_string = "Password does not meet complexity requirements";
 			break;
 		case SAM_PWD_CHANGE_PWD_IN_HISTORY:
-			reject_string = talloc_asprintf(mem_ctx, "Password is already in password history, cannot match any of your %d passwords",
+			reject_string = talloc_asprintf(mem_ctx, "Password is already in password history.  New password must not match any of your %d previous passwords.",
 							dominfo->password_history_length);
 			break;
 		default:
-			reject_string = talloc_asprintf(mem_ctx, "Password must be at least %d characters long, and cannot match any of your %d previous passwords",
-							dominfo->min_password_length, dominfo->password_history_length);
+			reject_string = "Password change rejected, password changes may not be permitted on this account, or the minimum password age may not have elapsed.";
 			break;
 		}
 		return kpasswdd_make_error_reply(kdc, mem_ctx,