s4-kdc: Improve grammer and clarity of password change failure messages.

This can still be improved further, but avoid mentioning reasons that
clearly do not apply in this case.

Andrew Bartlett

diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index c05ea82318b25832b56f42f6d202d38310a01457..5558794df05c4e2d950a7f0f73e6ae1fd5061078 100644 (file)
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -112,19 +112,18 @@ static bool kpasswd_make_pwchange_reply(struct kdc_server *kdc,
                const char *reject_string;
                switch (reject_reason) {
                case SAM_PWD_CHANGE_PASSWORD_TOO_SHORT:
-                       reject_string = talloc_asprintf(mem_ctx, "Password too short, password must be at least %d characters long",
+                       reject_string = talloc_asprintf(mem_ctx, "Password too short, password must be at least %d characters long.",
                                                        dominfo->min_password_length);
                        break;
                case SAM_PWD_CHANGE_NOT_COMPLEX:
                        reject_string = "Password does not meet complexity requirements";
                        break;
                case SAM_PWD_CHANGE_PWD_IN_HISTORY:
-                       reject_string = talloc_asprintf(mem_ctx, "Password is already in password history, cannot match any of your %d passwords",
+                       reject_string = talloc_asprintf(mem_ctx, "Password is already in password history.  New password must not match any of your %d previous passwords.",
                                                        dominfo->password_history_length);
                        break;
                default:
-                       reject_string = talloc_asprintf(mem_ctx, "Password must be at least %d characters long, and cannot match any of your %d previous passwords",
-                                                       dominfo->min_password_length, dominfo->password_history_length);
+                       reject_string = "Password change rejected, password changes may not be permitted on this account, or the minimum password age may not have elapsed.";
                        break;
                }
                return kpasswdd_make_error_reply(kdc, mem_ctx,