diff --git a/include/User.h b/include/User.h
index 5e3ab15a4a..35050850f3 100644
--- a/include/User.h
+++ b/include/User.h
@@ -31,6 +31,11 @@ class User : public PoolObjectSQL
 {
 public:
 
+    /**
+     *  Characters that can not be in a password
+     */
+    static const string NO_PASSWD_CHARS;
+
     /**
      * Function to print the User object into a string in XML format
      *  @param xml the resulting XML string
@@ -73,11 +78,35 @@ public:
     };
 
     /**
-     *  Sets user password
+     *  Checks if a password is valid.
+     *    @param passwd to be checked
+     *    @return true if the password is valid
      */
-    void set_password(string _password)
+    static bool is_valid_password(const string& passwd)
     {
-        password = _password;
+        return passwd.find_first_of(NO_PASSWD_CHARS) == string::npos;
+    }
+
+    /**
+     *  Sets user password. It checks that the new password does not contain
+     *  forbidden chars.
+     *    @param _password the new pass
+     *    @returns -1 if the password is not valid
+     */
+    int set_password(const string& passwd)
+    {
+        int rc = 0;
+
+        if (is_valid_password(passwd))
+        { 
+            password = passwd;
+        }
+        else
+        {
+            rc = -1;
+        }
+
+        return rc;
     };
 
     /**
diff --git a/src/rm/RequestManagerAllocate.cc b/src/rm/RequestManagerAllocate.cc
index abaa83ff36..7db6c60e3b 100644
--- a/src/rm/RequestManagerAllocate.cc
+++ b/src/rm/RequestManagerAllocate.cc
@@ -242,6 +242,13 @@ int UserAllocate::pool_allocate(xmlrpc_c::paramList const& paramList,
         ugname = GroupPool::USERS_NAME;
     }
 
+    if (!User::is_valid_password(passwd))
+    {
+        error_str = "Invalid password, it can not contain spaces.";
+
+        return -1;
+    }
+
     return upool->allocate(&id,ugid,uname,ugname,passwd,true,error_str);
 }
 
diff --git a/src/rm/RequestManagerUser.cc b/src/rm/RequestManagerUser.cc
index 1536f42c92..663a091c41 100644
--- a/src/rm/RequestManagerUser.cc
+++ b/src/rm/RequestManagerUser.cc
@@ -61,13 +61,20 @@ int UserChangePassword::user_action(User * user,
 
     string new_pass = xmlrpc_c::value_string(paramList.getString(2));
 
-    user->set_password(new_pass);
+    int rc = user->set_password(new_pass);
 
-    pool->update(user);
+    if ( rc == 0 )
+    {
+        pool->update(user);
+    }
+    else
+    {
+        error_str = "Invalid password, it can not contain spaces.";
+    }
 
     user->unlock();
 
-    return 0;
+    return rc;
 }
 
 /* ------------------------------------------------------------------------- */
diff --git a/src/um/User.cc b/src/um/User.cc
index 6a509b60b5..71837e68de 100644
--- a/src/um/User.cc
+++ b/src/um/User.cc
@@ -27,6 +27,8 @@
 #include "Group.h"
 
 
+const string User::NO_PASSWD_CHARS = " \t\n\v\f\r";
+
 /* ************************************************************************** */
 /* User :: Database Access Functions                                          */
 /* ************************************************************************** */