pam.policy.violation.mesg
This configuration parameter specifies the message displayed during password change if the operation fails because of a domain password policy violation. For example, if the user attempts to enter a password that doesn’t contain the minimum number of characters or doesn’t meet complexity requirements, this message is displayed.
For example:
pam.policy.violation.mesg: \ The password change operation failed due to a policy restriction set by the Active Directory administrator. This may be due to the new password length, lack of complexity or a minimum age for the current password.