PAM-UI-2423: You are required to change your password as either your LDAP password or password policy has been reset.
And the user is prompted to change its password. Once it does it, it works until the next logout/login, when the user must log in again with the password it changed last time, and gets prompted to change the password again
CA PAM 4.0.X / 4.1.X
Possibly present as well in other versions