passwd: Authentication token manipulation error (226 Views)
Regular Advisor
joseph wholey
Posts: 120
Registered: ‎03-17-2006
Message 1 of 30 (226 Views)

passwd: Authentication token manipulation error

RHEL3 AS. I created a handful of userids on the system. When I log into the system as one of those users and issue "passwd" (to change the password), I get the following error.

passwd: Authentication token manipulation error

Any ideas?
Honored Contributor
Ivan Ferreira
Posts: 6,957
Registered: ‎05-07-2004
Message 2 of 30 (226 Views)

Re: passwd: Authentication token manipulation error

Try running system-config-auth and configure the right values.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Regular Advisor
joseph wholey
Posts: 120
Registered: ‎03-17-2006
Message 3 of 30 (226 Views)

Re: passwd: Authentication token manipulation error

If you are talking about the /etc/pam.d/system-auth, it has the same values as all of my other working systems. If you are in fact talking about a file called "system-config-auth", it doesn't exist.
Honored Contributor
Ivan Ferreira
Posts: 6,957
Registered: ‎05-07-2004
Message 4 of 30 (226 Views)

Re: passwd: Authentication token manipulation error

It was system-config-authentication, and yes, I want system-config-authentication to set the right values for /etc/pam.d/passwd and related files. Check also /etc/nsswitch.conf.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Regular Advisor
joseph wholey
Posts: 120
Registered: ‎03-17-2006
Message 5 of 30 (226 Views)

Re: passwd: Authentication token manipulation error

Ivan, can you be a little more clear on what you are saying... thx.
Honored Contributor
Rick Garland
Posts: 4,470
Registered: ‎06-25-1997
Message 6 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

I see this when the acct's corresponding entry is not in the /etc/shadow file.

This is 1 situation in which this error occurs.
Honored Contributor
Ivan Ferreira
Posts: 6,957
Registered: ‎05-07-2004
Message 7 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

How did you create these users? With useradd? Are you using something like NIS or LDAP?

What I mean is that running system-config-authentication you can configure the pam settings for the files located in /etc/pam.d.

In /etc/nsswitch.conf you should have something like this:

passwd: files nis
shadow: files nis
group: files nis
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Regular Advisor
joseph wholey
Posts: 120
Registered: ‎03-17-2006
Message 8 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

Not running NIS or LDAP in my environment.
Honored Contributor
Vitaly Karasik_1
Posts: 1,461
Registered: ‎10-22-2002
Message 9 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

Joseph,
So you're able to log in with your user account (and not just "su" from root), but cannot change password using "passwd"?
Regular Advisor
joseph wholey
Posts: 120
Registered: ‎03-17-2006
Message 10 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

Correct.
Honored Contributor
Ivan Ferreira
Posts: 6,957
Registered: ‎05-07-2004
Message 11 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

What do you get when you run passwd in the /var/log/messages and /var/log/secure files?
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Honored Contributor
Ivan Ferreira
Posts: 6,957
Registered: ‎05-07-2004
Message 12 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

Also, ensure that the passwd command has the SUID bit enabled and it's owned by root.root.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Honored Contributor
Vitaly Karasik_1
Posts: 1,461
Registered: ‎10-22-2002
Message 13 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

- can you send us output of
"grep passwd /etc/nsswitch.conf"
- is it possible to change root's password?
- is root able to change user's password?
Regular Advisor
joseph wholey
Posts: 120
Registered: ‎03-17-2006
Message 14 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

- can you send us output of
"grep passwd /etc/nsswitch.conf"
[root@rhel012 u]# grep passwd /etc/nsswitch.conf
#passwd: db files ldap nis
passwd: files


- is it possible to change root's password?
yes

- is root able to change user's password?
yes
Honored Contributor
Vitaly Karasik_1
Posts: 1,461
Registered: ‎10-22-2002
Message 15 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

Agree with Ivan - permission/ownership of /usr/bin/passwd may be a problem. Let's check integrity of "passwd" package with

rpm -V passwd

command. Output of this command should be empty if everything is OK.
Regular Advisor
joseph wholey
Posts: 120
Registered: ‎03-17-2006
Message 16 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

As indicated... no output.
Honored Contributor
Vitaly Karasik_1
Posts: 1,461
Registered: ‎10-22-2002
Message 17 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

"chpw" output?
Trusted Contributor
Steven Mertens
Posts: 85
Registered: ‎12-26-2000
Message 18 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

Hello,

Is it possible you never set an initial password for the users you created with root ?

Try first setting a password with root for
the users you created.
Login with one of the created users and try passwd then.

Hope this helps.

S.
Regular Advisor
joseph wholey
Posts: 120
Registered: ‎03-17-2006
Message 19 of 30 (225 Views)

Re: passwd: Authentication token manipulation error


Possible... but not the case. I create the id, set the password, log in for the first time using that password, go to change the password, and then I get the error:

passwd: Authentication token manipulation error

thx

Is it possible you never set an initial password for the users you created with root ?

Try first setting a password with root for
the users you created.
Login with one of the created users and try passwd then.
Honored Contributor
Ivan Ferreira
Posts: 6,957
Registered: ‎05-07-2004
Message 20 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

Logs please! /var/log/messages /var/log/secure after the passwd command.

Check permissions for the /etc/passwd and /etc/shadow file.

/etc/passwd root.root -rw-r--r--
/etc/shadow root.root -r--------
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
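
The checks suggested up to this point in the thread (a shadow entry for the account, mode and ownership of /etc/passwd and /etc/shadow, the SUID bit on /usr/bin/passwd, the nsswitch.conf sources), gathered into one script as an added example; it is not code from any poster. The function names and the optional PREFIX and OWNER arguments are assumptions, there so the checks can be run against copies of the files.

```sh
#!/bin/sh
# Added example (not from the thread). PREFIX and OWNER arguments are
# assumptions so the checks can also be pointed at copies of the files.

# perm_string FILE -> 10-character mode as printed by `ls -l`
perm_string() { ls -ldn "$1" 2>/dev/null | awk '{ print substr($1, 1, 10) }'; }

# owner_ids FILE -> numeric "UID:GID"
owner_ids() { ls -ldn "$1" 2>/dev/null | awk '{ print $3 ":" $4 }'; }

# check_file FILE MODE [OWNER] -> 0 if mode and owner match, else report
check_file() {
    want_owner=${3:-0:0}
    got_mode=$(perm_string "$1"); got_owner=$(owner_ids "$1")
    [ "$got_mode" = "$2" ] && [ "$got_owner" = "$want_owner" ] && return 0
    echo "MISMATCH: $1 is $got_mode $got_owner, expected $2 $want_owner"
    return 1
}

# has_shadow_entry USER SHADOW -> 0 if USER has a line (needs read access)
has_shadow_entry() {
    awk -F: -v u="$1" '$1 == u { f = 1 } END { exit !f }' "$2" 2>/dev/null
}

# nss_sources DB NSSWITCH -> active (uncommented) sources for DB
nss_sources() {
    awk -v db="$1:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }' "$2"
}

# has_setuid FILE -> 0 if the owner-execute slot shows "s"
has_setuid() {
    case $(perm_string "$1") in ???s*) return 0 ;; *) return 1 ;; esac
}

# diagnose USER [PREFIX] [OWNER] -> prints findings, returns 1 if any
diagnose() {
    user=$1; prefix=${2:-}; owner=${3:-0:0}; bad=0
    check_file "$prefix/etc/passwd" "-rw-r--r--" "$owner" || bad=1
    check_file "$prefix/etc/shadow" "-r--------" "$owner" || bad=1
    has_shadow_entry "$user" "$prefix/etc/shadow" ||
        { echo "MISSING: no $user entry in $prefix/etc/shadow"; bad=1; }
    has_setuid "$prefix/usr/bin/passwd" ||
        { echo "MISMATCH: $prefix/usr/bin/passwd is not setuid"; bad=1; }
    for db in passwd shadow; do
        echo "INFO: nsswitch $db: $(nss_sources "$db" "$prefix/etc/nsswitch.conf")"
    done
    return $bad
}

if [ "$#" -gt 0 ]; then diagnose "$@"; fi
```

Run as root with the account name as the only argument to check the live files; an empty INFO line means nsswitch.conf has no active entry for that database.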
Regular Advisor
joseph wholey
Posts: 120
Registered: ‎03-17-2006
Message 21 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

-rw-r--r-- 1 root root 2558 Mar 30 09:40 /etc/passwd
-r-------- 1 root root 1958 Mar 30 09:40 /etc/shadow


Creating ID and changing password:

/var/log/secure
Mar 30 09:40:55 rhel012 useradd[21436]: new user: name=cognos, uid=206, gid=306, home=/home/cognos, shell=/bin/ksh

/var/log/messages
Mar 30 09:40:55 rhel012 passwd(pam_unix)[21439]: password changed for cognos


ssh'ing into server (as cognos) with above id and password previously created:

/var/log/secure (after logging in as cognos)
Mar 30 09:43:49 rhel012 sshd[21487]: Accepted password for cognos from ::ffff:10.160.11.75 port 35769 ssh2

/var/log/messages (after logging in as cognos)
Mar 30 09:43:49 rhel012 sshd(pam_unix)[21490]: session opened for user cognos by (uid=0)

attempting to change cognos' password as cognos:

$ passwd
Changing password for user cognos.
Changing password for cognos
(current) UNIX password:
passwd: Authentication token manipulation error

/var/log/secure (no new messages)

/var/log/messages
Mar 30 09:48:32 rhel012 passwd(pam_unix)[21582]: authentication failure; logname=cognos uid=206 euid=0 tty=pts/1 ruser= rhost= user=cognos
Honored Contributor
Ivan Ferreira
Posts: 6,957
Registered: ‎05-07-2004
Message 22 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

Are you sure that you are specifying your CURRENT password (used to login) correctly before the NEW password?
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Regular Advisor
joseph wholey
Posts: 120
Registered: ‎03-17-2006
Message 23 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

Well, if I wasn't, how would I be able to log in?
Honored Contributor
Ivan Ferreira
Posts: 6,957
Registered: ‎05-07-2004
Message 24 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

Please post /etc/pam.d/passwd and /etc/pam.d/system-auth
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Regular Advisor
joseph wholey
Posts: 120
Registered: ‎03-17-2006
Message 25 of 30 (225 Views)

Re: passwd: Authentication token manipulation error

[root@rhel012 ~]# cat /etc/pam.d/passwd
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
[root@rhel012 ~]#

[root@rhel012 ~]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
[root@rhel012 ~]#