diff --git a/include/User.h b/include/User.h
index 35050850f3..c78ed283f6 100644
--- a/include/User.h
+++ b/include/User.h
@@ -34,7 +34,7 @@ public:
     /**
      *  Characters that can not be in a password
      */
-    static const string NO_PASSWD_CHARS;
+    static const string INVALID_CHARS;
 
     /**
      * Function to print the User object into a string in XML format
@@ -78,31 +78,52 @@ public:
     };
 
     /**
-     *  Checks if a password is valid.
-     *    @param passwd to be checked
-     *    @return true if the password is valid
+     *  Checks if a name or password is valid, i.e. it is not empty and does not
+     *  contain invalid characters.
+     *    @param str Name or password to be checked
+     *    @param error_str Returns the error reason, if any
+     *    @return true if the string is valid
      */
-    static bool is_valid_password(const string& passwd)
+    static bool is_valid(const string& str, string& error_str)
     {
-        return passwd.find_first_of(NO_PASSWD_CHARS) == string::npos;
+        if ( str.empty() )
+        {
+            error_str = "cannot be empty";
+            return false;
+        }
+
+        size_t pos = str.find_first_of(INVALID_CHARS);
+
+        if ( pos != string::npos )
+        {
+            ostringstream oss;
+            oss << "character '" << str.at(pos) << "' is not allowed";
+
+            error_str = oss.str();
+            return false;
+        }
+
+        return true;
     }
 
     /**
      *  Sets user password. It checks that the new password does not contain
      *  forbidden chars.
      *    @param _password the new pass
+     *    @param error_str Returns the error reason, if any
      *    @returns -1 if the password is not valid
      */
-    int set_password(const string& passwd)
+    int set_password(const string& passwd, string& error_str)
     {
         int rc = 0;
 
-        if (is_valid_password(passwd))
+        if (is_valid(passwd, error_str))
         { 
             password = passwd;
         }
         else
         {
+            error_str = string("Invalid password: ").append(error_str);
             rc = -1;
         }
 
diff --git a/src/rm/RequestManagerUser.cc b/src/rm/RequestManagerUser.cc
index 663a091c41..2dcb17401d 100644
--- a/src/rm/RequestManagerUser.cc
+++ b/src/rm/RequestManagerUser.cc
@@ -61,16 +61,12 @@ int UserChangePassword::user_action(User * user,
 
     string new_pass = xmlrpc_c::value_string(paramList.getString(2));
 
-    int rc = user->set_password(new_pass);
+    int rc = user->set_password(new_pass, error_str);
 
     if ( rc == 0 )
     {
         pool->update(user);
     }
-    else
-    {
-        error_str = "Invalid password, it can not contain spaces.";
-    }
 
     user->unlock();
 
diff --git a/src/um/User.cc b/src/um/User.cc
index 71837e68de..71b2d4cd28 100644
--- a/src/um/User.cc
+++ b/src/um/User.cc
@@ -27,7 +27,7 @@
 #include "Group.h"
 
 
-const string User::NO_PASSWD_CHARS = " \t\n\v\f\r";
+const string User::INVALID_CHARS = " :\t\n\v\f\r";
 
 /* ************************************************************************** */
 /* User :: Database Access Functions                                          */
diff --git a/src/um/UserPool.cc b/src/um/UserPool.cc
index 73bf9ddb98..f2ba70a7a7 100644
--- a/src/um/UserPool.cc
+++ b/src/um/UserPool.cc
@@ -136,12 +136,12 @@ int UserPool::allocate (
 
     ostringstream   oss;
 
-    if (password.empty() || !User::is_valid_password(password))
+    if ( !User::is_valid(password, error_str) )
     {
         goto error_pass;
     }
 
-    if ( uname.empty() )
+    if ( !User::is_valid(uname, error_str) )
     {
         goto error_name;
     }
@@ -182,11 +182,11 @@ int UserPool::allocate (
     return *oid;
 
 error_pass:
-    oss << "Invalid password, it can not contain spaces.";
+    oss << "Invalid password, " << error_str << ".";
     goto error_common;
 
 error_name:
-    oss << "NAME cannot be empty.";
+    oss << "Invalid NAME, " << error_str << ".";
     goto error_common;
 
 error_duplicated:
diff --git a/src/um/test/UserPoolTest.cc b/src/um/test/UserPoolTest.cc
index 8012cbacdc..09be4b1588 100644
--- a/src/um/test/UserPoolTest.cc
+++ b/src/um/test/UserPoolTest.cc
@@ -31,10 +31,10 @@ const string usernames[] = { "A_user", "B_user", "C_user", "D_user", "E_user" };
 const string passwords[] = { "A_pass", "B_pass", "C_pass", "D_pass", "E_pass" };
 
 const string dump_result =
-    "<USER_POOL><USER><ID>0</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>one_user_test</NAME><PASSWORD>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</PASSWORD><ENABLED>1</ENABLED></USER><USER><ID>1</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>a</NAME><PASSWORD>p</PASSWORD><ENABLED>1</ENABLED></USER><USER><ID>2</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>a name</NAME><PASSWORD>pass</PASSWORD><ENABLED>1</ENABLED></USER><USER><ID>3</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>a_name</NAME><PASSWORD>password</PASSWORD><ENABLED>1</ENABLED></USER><USER><ID>4</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>another name</NAME><PASSWORD>secret</PASSWORD><ENABLED>1</ENABLED></USER><USER><ID>5</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>user</NAME><PASSWORD>1234</PASSWORD><ENABLED>1</ENABLED></USER></USER_POOL>";
+    "<USER_POOL><USER><ID>0</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>one_user_test</NAME><PASSWORD>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</PASSWORD><ENABLED>1</ENABLED></USER><USER><ID>1</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>a</NAME><PASSWORD>p</PASSWORD><ENABLED>1</ENABLED></USER><USER><ID>2</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>a_name</NAME><PASSWORD>pass</PASSWORD><ENABLED>1</ENABLED></USER><USER><ID>3</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>a_name_2</NAME><PASSWORD>password</PASSWORD><ENABLED>1</ENABLED></USER><USER><ID>4</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>another_name</NAME><PASSWORD>secret</PASSWORD><ENABLED>1</ENABLED></USER><USER><ID>5</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>user</NAME><PASSWORD>1234</PASSWORD><ENABLED>1</ENABLED></USER></USER_POOL>";
 
 const string dump_where_result =
-    "<USER_POOL><USER><ID>1</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>a</NAME><PASSWORD>p</PASSWORD><ENABLED>1</ENABLED></USER><USER><ID>2</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>a name</NAME><PASSWORD>pass</PASSWORD><ENABLED>1</ENABLED></USER><USER><ID>3</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>a_name</NAME><PASSWORD>password</PASSWORD><ENABLED>1</ENABLED></USER><USER><ID>4</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>another name</NAME><PASSWORD>secret</PASSWORD><ENABLED>1</ENABLED></USER></USER_POOL>";
+    "<USER_POOL><USER><ID>1</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>a</NAME><PASSWORD>p</PASSWORD><ENABLED>1</ENABLED></USER><USER><ID>2</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>a_name</NAME><PASSWORD>pass</PASSWORD><ENABLED>1</ENABLED></USER><USER><ID>3</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>a_name_2</NAME><PASSWORD>password</PASSWORD><ENABLED>1</ENABLED></USER><USER><ID>4</ID><GID>0</GID><GNAME>oneadmin</GNAME><NAME>another_name</NAME><PASSWORD>secret</PASSWORD><ENABLED>1</ENABLED></USER></USER_POOL>";
 
 #include "NebulaTest.h"
 
@@ -313,7 +313,7 @@ public:
 
     void dump()
     {
-        string d_names[] = {"a", "a name", "a_name", "another name", "user"};
+        string d_names[] = {"a", "a_name", "a_name_2", "another_name", "user"};
         string d_pass[]  = {"p", "pass", "password", "secret", "1234"};
 
         int oid;
@@ -340,7 +340,7 @@ public:
 
     void dump_where()
     {
-        string d_names[] = {"a", "a name", "a_name", "another name", "user"};
+        string d_names[] = {"a", "a_name", "a_name_2", "another_name", "user"};
         string d_pass[]  = {"p", "pass", "password", "secret", "1234"};
 
         int oid;