Relevant BUGIDs: none

Purpose of commit: new feature

Commit summary:
---------------

Mark message strings for translation

10 files changed, 108 insertions, 89 deletions

diff --git a/config.h.in b/config.h.in
index acf6c435..d9c445b3 100644
--- a/config.h.in
+++ b/config.h.in
@@ -243,6 +243,15 @@
    `char[]'. */
 #undef YYTEXT_POINTER
 
+#ifdef ENABLE_NLS
+#include <libintl.h>
+#define _(msgid) dgettext("Linux-PAM", msgid)
+#define N_(msgid) msgid
+#else
+#define _(msgid) (msgid)
+#define N_(msgid) msgid
+#endif /* ENABLE_NLS */
+
 #ifdef MEMORY_DEBUG
 /*
  * this is basically a hack - we need to include a semiarbitrary
diff --git a/configure b/configure
index 389997c7..308e2c4a 100755
--- a/configure
+++ b/configure
@@ -7615,6 +7615,9 @@ fi
 
 
 
+
+
+
           ac_config_files="$ac_config_files Make.Rules"
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure
diff --git a/configure.in b/configure.in
index 59c90a98..de6074da 100644
--- a/configure.in
+++ b/configure.in
@@ -71,7 +71,7 @@ AC_ARG_ENABLE(memory-debug,
 	WITH_MEMORY_DEBUG=yes ; AC_DEFINE([MEMORY_DEBUG],,
 		[Every malloc etc. call will be tracked]) , WITH_MEMORY_DEBUG=no)
 AC_SUBST(WITH_MEMORY_DEBUG)
-AH_VERBATIM([_MEMORY_DEBUG], 
+AH_VERBATIM([_MEMORY_DEBUG],
 [#ifdef MEMORY_DEBUG
 /*
  * this is basically a hack - we need to include a semiarbitrary
@@ -474,5 +474,15 @@ fi
 AC_SUBST(PSER)
 AC_SUBST(PS2PDF)
 
+AH_VERBATIM([_ENABLE_NLS],
+[#ifdef ENABLE_NLS
+#include <libintl.h>
+#define _(msgid) dgettext("Linux-PAM", msgid)
+#define N_(msgid) msgid
+#else
+#define _(msgid) (msgid)
+#define N_(msgid) msgid
+#endif /* ENABLE_NLS */])
+
 dnl Files to be created from when we run configure
 AC_OUTPUT(Make.Rules)
diff --git a/libpam/pam_strerror.c b/libpam/pam_strerror.c
index 3bec2a6d..ecdad0c0 100644
--- a/libpam/pam_strerror.c
+++ b/libpam/pam_strerror.c
@@ -10,70 +10,70 @@ const char *pam_strerror(pam_handle_t *pamh, int errnum)
 {
     switch (errnum) {
     case PAM_SUCCESS:
-	return "Success";
+      return _("Success");
     case PAM_ABORT:
-	return "Critical error - immediate abort";
+      return _("Critical error - immediate abort");
     case PAM_OPEN_ERR:
-	return "dlopen() failure";
+      return _("dlopen() failure");
     case PAM_SYMBOL_ERR:
-	return "Symbol not found";
+      return _("Symbol not found");
     case PAM_SERVICE_ERR:
-	return "Error in service module";
+      return _("Error in service module");
     case PAM_SYSTEM_ERR:
-	return "System error";
+      return _("System error");
     case PAM_BUF_ERR:
-	return "Memory buffer error";
+      return _("Memory buffer error");
     case PAM_PERM_DENIED:
-	return "Permission denied";
+      return _("Permission denied");
     case PAM_AUTH_ERR:
-	return "Authentication failure";
+      return _("Authentication failure");
     case PAM_CRED_INSUFFICIENT:
-	return "Insufficient credentials to access authentication data";
+      return _("Insufficient credentials to access authentication data");
     case PAM_AUTHINFO_UNAVAIL:
-	return "Authentication service cannot retrieve authentication info.";
+      return _("Authentication service cannot retrieve authentication info.");
     case PAM_USER_UNKNOWN:
-	return "User not known to the underlying authentication module";
+      return _("User not known to the underlying authentication module");
     case PAM_MAXTRIES:
-	return "Have exhausted maximum number of retries for service.";
+      return _("Have exhausted maximum number of retries for service.");
     case PAM_NEW_AUTHTOK_REQD:
-	return "Authentication token is no longer valid; new one required.";
+      return _("Authentication token is no longer valid; new one required.");
     case PAM_ACCT_EXPIRED:
-	return "User account has expired";
+      return _("User account has expired");
     case PAM_SESSION_ERR:
-	return "Cannot make/remove an entry for the specified session";
+      return _("Cannot make/remove an entry for the specified session");
     case PAM_CRED_UNAVAIL:
-	return "Authentication service cannot retrieve user credentials";
+      return _("Authentication service cannot retrieve user credentials");
     case PAM_CRED_EXPIRED:
-	return "User credentials expired";
+      return _("User credentials expired");
     case PAM_CRED_ERR:
-	return "Failure setting user credentials";
+      return _("Failure setting user credentials");
     case PAM_NO_MODULE_DATA:
-	return "No module specific data is present";
+      return _("No module specific data is present");
     case PAM_BAD_ITEM:
-	return "Bad item passed to pam_*_item()";
+      return _("Bad item passed to pam_*_item()");
     case PAM_CONV_ERR:
-	return "Conversation error";
+      return _("Conversation error");
     case PAM_AUTHTOK_ERR:
-	return "Authentication token manipulation error";
+      return _("Authentication token manipulation error");
     case PAM_AUTHTOK_RECOVER_ERR:
-	return "Authentication information cannot be recovered";
+      return _("Authentication information cannot be recovered");
     case PAM_AUTHTOK_LOCK_BUSY:
-	return "Authentication token lock busy";
+      return _("Authentication token lock busy");
     case PAM_AUTHTOK_DISABLE_AGING:
-	return "Authentication token aging disabled";
+      return _("Authentication token aging disabled");
     case PAM_TRY_AGAIN:
-	return "Failed preliminary check by password service";
+      return _("Failed preliminary check by password service");
     case PAM_IGNORE:
-	return "The return value should be ignored by PAM dispatch";
+      return _("The return value should be ignored by PAM dispatch");
     case PAM_MODULE_UNKNOWN:
-	return "Module is unknown";
+      return _("Module is unknown");
     case PAM_AUTHTOK_EXPIRED:
-	return "Authentication token expired";
+      return _("Authentication token expired");
     case PAM_CONV_AGAIN:
-	return "Conversation is waiting for event";
+      return _("Conversation is waiting for event");
     case PAM_INCOMPLETE:
-	return "Application needs to call libpam again";
+      return _("Application needs to call libpam again");
     }
 
-    return "Unknown PAM error";
+    return _("Unknown PAM error");
 }
diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c
index 926603bd..90869f96 100644
--- a/libpam_misc/misc_conv.c
+++ b/libpam_misc/misc_conv.c
@@ -32,8 +32,8 @@
 time_t pam_misc_conv_warn_time = 0;                  /* time when we warn */
 time_t pam_misc_conv_die_time  = 0;               /* time when we timeout */
 
-const char *pam_misc_conv_warn_line = "..\a.Time is running out...\n";
-const char *pam_misc_conv_die_line  = "..\a.Sorry, your time is up!\n";
+const char *pam_misc_conv_warn_line = N_("..\a.Time is running out...\n");
+const char *pam_misc_conv_die_line  = N_("..\a.Sorry, your time is up!\n");
 
 int pam_misc_conv_died=0;       /* application can probe this for timeout */
 
@@ -156,9 +156,9 @@ static int read_string(int echo, const char *prompt, char **retstr)
 	 * the conversation without giving PAM a chance to clean up.
 	 */
 
-	sigemptyset(&nset); 
-	sigaddset(&nset, SIGINT); 
-	sigaddset(&nset, SIGTSTP); 
+	sigemptyset(&nset);
+	sigaddset(&nset, SIGINT);
+	sigaddset(&nset, SIGTSTP);
 	(void) sigprocmask(SIG_BLOCK, &nset, &oset);
 
     } else if (!echo) {
@@ -331,8 +331,8 @@ int misc_conv(int num_msg, const struct pam_message **msgm,
 	    break;
 	}
 	default:
-	    fprintf(stderr, "erroneous conversation (%d)\n"
-		    ,msgm[count]->msg_style);
+	    fprintf(stderr, _("erroneous conversation (%d)\n"),
+		   msgm[count]->msg_style);
 	    goto failed_conversation;
 	}
 
@@ -373,7 +373,7 @@ failed_conversation:
 	    case PAM_TEXT_INFO:
 		/* should not actually be able to get here... */
 		free(reply[count].resp);
-	    }                                            
+	    }
 	    reply[count].resp = NULL;
 	}
 	/* forget reply too */
@@ -383,4 +383,3 @@ failed_conversation:
 
     return PAM_CONV_ERR;
 }
-
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index 4f010009..de795e11 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -59,9 +59,6 @@
 #include <security/_pam_macros.h>
 #include <security/_pam_modutil.h>
 
-#include <libintl.h>
-#define _(x) gettext(x)
-
 #ifndef PAM_SELINUX_MAIN
 #define MODULE "pam_selinux"
 
@@ -139,7 +136,7 @@ select_context (pam_handle_t *pamh, security_context_t* contextlist,
       {
 	  int choice=0;
 	  int i;
-	  char *prompt=_("Enter number of choice: ");
+	  const char *prompt=_("Enter number of choice: ");
 	  int len=strlen(prompt);
 	  char buf[PATH_MAX];
 
@@ -166,11 +163,11 @@ select_context (pam_handle_t *pamh, security_context_t* contextlist,
         _pam_drop_reply(responses, 1);
     } else {
       if (debug)
-	syslog(LOG_NOTICE, _("%s: bogus conversation function"),MODULE);
+	syslog(LOG_NOTICE, "%s: bogus conversation function",MODULE);
     }
   } else {
     if (debug)
-      syslog(LOG_NOTICE, _("%s: no conversation function"),MODULE);
+      syslog(LOG_NOTICE, "%s: no conversation function",MODULE);
   }
   return (security_context_t) strdup(contextlist[0]);
 }
@@ -249,11 +246,11 @@ manual_context (pam_handle_t *pamh, const char *user, int debug)
       } /* end while */
     } else {
       if (debug)
-	syslog(LOG_NOTICE, _("%s: bogus conversation function"),MODULE);
+	syslog(LOG_NOTICE, "%s: bogus conversation function",MODULE);
     }
   } else {
     if (debug)
-      syslog(LOG_NOTICE, _("%s: no conversation function"),MODULE);
+      syslog(LOG_NOTICE, "%s: no conversation function",MODULE);
   }
   return NULL;
 }
@@ -276,7 +273,7 @@ static void security_restorelabel_tty(const char *tty,
   if (setfilecon(ptr, context) && errno != ENOENT)
   {
       syslog(LOG_NOTICE,
-             _("Warning!  Could not relabel %s with %s, not relabeling.\n"),
+             "Warning!  Could not relabel %s with %s, not relabeling.\n",
              ptr, context);
   }
 }
@@ -300,14 +297,15 @@ static security_context_t security_label_tty(char *tty,
   if (getfilecon(ptr, &prev_context) < 0)
   {
       syslog(LOG_NOTICE,
-           _("Warning!  Could not get current context for %s, not relabeling."),           ptr);
+	     "Warning!  Could not get current context for %s, not relabeling.",
+	     ptr);
       return NULL;
   }
   if( security_compute_relabel(usercon,prev_context,SECCLASS_CHR_FILE,
                                &newdev_context)!=0)
   {
     syslog(LOG_NOTICE,
-           _("Warning!  Could not get new context for %s, not relabeling."),
+           "Warning!  Could not get new context for %s, not relabeling.",
            ptr);
     syslog(LOG_NOTICE, "usercon=%s, prev_context=%s\n", usercon, prev_context);
     freecon(prev_context);
@@ -317,7 +315,7 @@ static security_context_t security_label_tty(char *tty,
   if (status)
   {
       syslog(LOG_NOTICE,
-             _("Warning!  Could not relabel %s with %s, not relabeling.%s"),
+             "Warning!  Could not relabel %s with %s, not relabeling.%s",
              ptr,newdev_context,strerror(errno));
       freecon(prev_context);
       prev_context=NULL;
@@ -358,11 +356,11 @@ verbose_message(pam_handle_t *pamh, char *msg, int debug)
         _pam_drop_reply(responses, 1);
     } else {
       if (debug)
-	syslog(LOG_NOTICE, _("%s: bogus conversation function"),MODULE);
+	syslog(LOG_NOTICE, "%s: bogus conversation function", MODULE);
     }
   } else {
     if (debug)
-      syslog(LOG_NOTICE,_("%s: no conversation function"),MODULE);
+      syslog(LOG_NOTICE, "%s: no conversation function", MODULE);
   }
 }
 
@@ -435,13 +433,13 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
     if (has_tty) {
       user_context = manual_context(pamh,username,debug);
       if (user_context == NULL) {
-	syslog (LOG_ERR, _("Unable to get valid context for %s"),
+	syslog (LOG_ERR, "Unable to get valid context for %s",
 		(const char *)username);
 	return PAM_AUTH_ERR;
       }
     } else {
 	syslog (LOG_ERR,
-		_("Unable to get valid context for %s, No valid tty"),
+		"Unable to get valid context for %s, No valid tty",
 		(const char *)username);
 	return PAM_AUTH_ERR;
     }
@@ -478,13 +476,13 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
     verbose_message(pamh, msg, debug);
   }
   if (ret) {
-    syslog(LOG_ERR, _("Error!  Unable to set %s executable context %s."),
+    syslog(LOG_ERR, "Error!  Unable to set %s executable context %s.",
            (const char *)username, user_context);
     freecon(user_context);
     return PAM_AUTH_ERR;
   } else {
     if (debug)
-      syslog(LOG_NOTICE, _("%s: set %s security context to %s"),MODULE,
+      syslog(LOG_NOTICE, "%s: set %s security context to %s", MODULE,
              (const char *)username, user_context);
   }
   freecon(user_context);
@@ -527,13 +525,13 @@ pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
   status=setexeccon(prev_user_context);
   freecon(prev_user_context);
   if (status) {
-    syslog(LOG_ERR, _("Error!  Unable to set executable context %s."),
+    syslog(LOG_ERR, "Error!  Unable to set executable context %s.",
            prev_user_context);
     return PAM_AUTH_ERR;
   }
 
   if (debug)
-    syslog(LOG_NOTICE, _("%s: setcontext back to orginal"),MODULE);
+    syslog(LOG_NOTICE, "%s: setcontext back to orginal", MODULE);
 
   return PAM_SUCCESS;
 }
diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c
index 0365f443..f4edf60e 100644
--- a/modules/pam_stress/pam_stress.c
+++ b/modules/pam_stress/pam_stress.c
@@ -478,8 +478,8 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 	       }
 	       pmsg[0] = &msg[0];
 	       msg[0].msg_style = PAM_TEXT_INFO;
-#define _LOCAL_STRESS_COMMENT "Changing STRESS password for "
-	       txt = (char *) malloc(sizeof(_LOCAL_STRESS_COMMENT)
+#define _LOCAL_STRESS_COMMENT _("Changing STRESS password for ")
+	       txt = (char *) malloc(strlen(_LOCAL_STRESS_COMMENT)
 				     +strlen(username)+1);
 	       strcpy(txt, _LOCAL_STRESS_COMMENT);
 #undef _LOCAL_STRESS_COMMENT
@@ -492,10 +492,10 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 
 	  pmsg[i] = &msg[i];
 	  msg[i].msg_style = PAM_PROMPT_ECHO_OFF;
-	  msg[i++].msg = "Enter new STRESS password: ";
+	  msg[i++].msg = _("Enter new STRESS password: ");
 	  pmsg[i] = &msg[i];
 	  msg[i].msg_style = PAM_PROMPT_ECHO_OFF;
-	  msg[i++].msg = "Retype new STRESS password: ";
+	  msg[i++].msg = _("Retype new STRESS password: ");
 	  resp = NULL;
 
 	  retval = converse(pamh,i,pmsg,&resp);
@@ -523,8 +523,8 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 		    if (!(flags & PAM_SILENT) && !(ctrl & PAM_ST_NO_WARN)) {
 			 pmsg[0] = &msg[0];
 			 msg[0].msg_style = PAM_ERROR_MSG;
-			 msg[0].msg = "Verification mis-typed; "
-			      "password unchanged";
+			 msg[0].msg = _("Verification mis-typed; "
+					"password unchanged");
 			 resp = NULL;
 			 (void) converse(pamh,1,pmsg,&resp);
 			 if (resp) {
diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c
index b49ef352..4c480625 100644
--- a/modules/pam_tally/pam_tally.c
+++ b/modules/pam_tally/pam_tally.c
@@ -727,10 +727,10 @@ static int cline_quiet =  0;
 
 static const char * pam_errors( int i ) {
   switch (i) {
-  case PAM_AUTH_ERR:     return "Authentication error";
-  case PAM_SERVICE_ERR:  return "Service error";
-  case PAM_USER_UNKNOWN: return "Unknown user";
-  default:               return "Unknown error";
+  case PAM_AUTH_ERR:     return _("Authentication error");
+  case PAM_SERVICE_ERR:  return _("Service error");
+  case PAM_USER_UNKNOWN: return _("Unknown user");
+  default:               return _("Unknown error");
   }
 }
 
@@ -744,11 +744,11 @@ static int getopts( int argc, char **argv ) {
     else if ( !strcmp (*argv,"--reset")   ) cline_reset=0;
     else if ( !strncmp(*argv,"--reset=",8)) {
       if ( sscanf(*argv+8,TALLY_FMT,&cline_reset) != 1 )
-        fprintf(stderr,"%s: Bad number given to --reset=\n",pname), exit(0);
+        fprintf(stderr,_("%s: Bad number given to --reset=\n"),pname), exit(0);
     }
     else if ( !strcmp (*argv,"--quiet")   ) cline_quiet=1;
     else {
-      fprintf(stderr,"%s: Unrecognised option %s\n",pname,*argv);
+      fprintf(stderr,_("%s: Unrecognised option %s\n"),pname,*argv);
       return FALSE;
     }
   }
@@ -760,8 +760,8 @@ int main ( int argc, char **argv ) {
   struct fail_s fs, *fsp = &fs;
 
   if ( ! getopts( argc, argv+1 ) ) {
-    printf("%s: [--file rooted-filename] [--user username] "
-           "[--reset[=n]] [--quiet]\n",
+    printf(_("%s: [--file rooted-filename] [--user username] "
+	     "[--reset[=n]] [--quiet]\n"),
            *argv);
     exit(0);
   }
@@ -833,7 +833,7 @@ int main ( int argc, char **argv ) {
     }
     fclose(TALLY);
     if ( cline_reset!=0 && cline_reset!=TALLY_HI ) {
-      fprintf(stderr,"%s: Can't reset all users to non-zero\n",*argv);
+      fprintf(stderr,_("%s: Can't reset all users to non-zero\n"),*argv);
     }
     else if ( !cline_reset ) {
       TALLY=fopen(cline_filename, "w");
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index b5160cde..9264fd47 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -193,7 +193,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
 	time_t curdays;
 	struct spwd *spent;
 	struct passwd *pwent;
-	char buf[80];
+	char buf[256];
 
 	D(("called."));
 
@@ -265,7 +265,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
 			 ,"account %s has expired (account expired)"
 			 ,uname);
 		_make_remark(pamh, ctrl, PAM_ERROR_MSG,
-			    "Your account has expired; please contact your system administrator");
+			     _("Your account has expired; please contact your system administrator"));
 		D(("account expired"));
 		return PAM_ACCT_EXPIRED;
 	}
@@ -274,7 +274,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
 			 ,"expired password for user %s (root enforced)"
 			 ,uname);
 		_make_remark(pamh, ctrl, PAM_ERROR_MSG,
-			    "You are required to change your password immediately (root enforced)");
+			     _("You are required to change your password immediately (root enforced)"));
 		D(("need a new password"));
 		return PAM_NEW_AUTHTOK_REQD;
 	}
@@ -292,7 +292,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
 		    ,"account %s has expired (failed to change password)"
 			 ,uname);
 		_make_remark(pamh, ctrl, PAM_ERROR_MSG,
-			    "Your account has expired; please contact your system administrator");
+			     _("Your account has expired; please contact your system administrator"));
 		D(("account expired 2"));
 		return PAM_ACCT_EXPIRED;
 	}
@@ -301,7 +301,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
 			 ,"expired password for user %s (password aged)"
 			 ,uname);
 		_make_remark(pamh, ctrl, PAM_ERROR_MSG,
-			    "You are required to change your password immediately (password aged)");
+			     _("You are required to change your password immediately (password aged)"));
 		D(("need a new password 2"));
 		return PAM_NEW_AUTHTOK_REQD;
 	}
@@ -311,7 +311,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
 		_log_err(LOG_DEBUG, pamh
 			 ,"password for user %s will expire in %d days"
 			 ,uname, daysleft);
-		snprintf(buf, 80, "Warning: your password will expire in %d day%.2s",
+		snprintf(buf, sizeof (buf), _("Warning: your password will expire in %d day%.2s"),
 			 daysleft, daysleft == 1 ? "" : "s");
 		_make_remark(pamh, ctrl, PAM_TEXT_INFO, buf);
 	}
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index f1f87a2c..480dc337 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -815,7 +815,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho,
 		clnt_destroy(clnt);
 		if (err || status) {
 			_make_remark(pamh, ctrl, PAM_TEXT_INFO,
-				"NIS password could not be changed.");
+				_("NIS password could not be changed."));
 			retval = PAM_TRY_AGAIN;
 		}
 #ifdef DEBUG
@@ -959,7 +959,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh
 			_log_err(LOG_DEBUG, pamh, "bad authentication token");
 		}
 		_make_remark(pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
-			  "No password supplied" : "Password unchanged");
+			_("No password supplied") : _("Password unchanged"));
 		return PAM_AUTHTOK_ERR;
 	}
 	/*
@@ -980,12 +980,12 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh
 		D(("called cracklib [%s]", remark));
 #else
 		if (strlen(pass_new) < 6)
-			remark = "You must choose a longer password";
+		  remark = _("You must choose a longer password");
 		D(("length check [%s]", remark));
 #endif
 		if (on(UNIX_REMEMBER_PASSWD, ctrl)) {
 			if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR)
-				remark = "Password has been already used. Choose another.";
+			  remark = _("Password has been already used. Choose another.");
 			if (retval == PAM_ABORT) {
 				_log_err(LOG_ERR, pamh, "can't open %s file to check old passwords",
 					OLD_PASSWORDS_FILE);
@@ -1144,7 +1144,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 		if (retval == PAM_AUTHTOK_ERR) {
 			if (off(UNIX__IAMROOT, ctrl))
 				_make_remark(pamh, ctrl, PAM_ERROR_MSG,
-					    "You must wait longer to change your password");
+					     _("You must wait longer to change your password"));
 			else
 				retval = PAM_SUCCESS;
 		}