External Authentication: Informing SSH and Rest User that they are locked out

We have successfully used the External authentication to prevent a user from a successful login after a certain number of failed password attempts.
We return
“reject User Locked\n”

The issue is that the “User Locked” does not appear in the SSH or Rest interface so that we can properly inform the user of the account status and allow them to stop retrying password attempts.

Is there anyway to inform the user of their “Locked” status?

I should add that we are using confd version 6.4.3

See the “AUTHENTICATION CALLBACK” section in the confd_lib_dp man pages.
If you want to implement the callback in Erlang and run inside ConfD to avoid a socket call and context switch for every authentication check, see erlang/econfd/examples/test/test.erl.
For a C-implementation, the man page gives you the guidance you need.