pam.policy.violation.mesg

This configuration parameter specifies the message displayed during password change if the operation fails because of a domain password policy violation. For example, if the user attempts to enter a password that doesn’t contain the minimum number of characters or doesn’t meet complexity requirements, this message is displayed.

For example:

pam.policy.violation.mesg: \
The password change operation failed due to a policy restriction set by the Active Directory administrator.
This may be due to the new password length, lack of complexity or a minimum age for the current password.