
Re: passwd: Authentication token manipulation error

 
joseph wholey
Regular Advisor

passwd: Authentication token manipulation error

RHEL3 AS. I created a handful of userids on the system. When I log into the system as one of those users and issue "passwd" (to change the password), I get the following error.

passwd: Authentication token manipulation error

Any ideas.
29 REPLIES
Ivan Ferreira
Honored Contributor

Re: passwd: Authentication token manipulation error

Try running system-config-auth and configure the right values.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
joseph wholey
Regular Advisor

Re: passwd: Authentication token manipulation error

If you are talking about the /etc/pam.d/system-auth, it has the same values as all of my other working systems. If you are in fact talking about a file called "system-config-auth", it doesn't exist.
Ivan Ferreira
Honored Contributor

Re: passwd: Authentication token manipulation error

It was system-config-authentication, and yes, I want system-config-authentication to set the right values for /etc/pam.d/passwd and related files. Check also /etc/nsswitch.conf.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
joseph wholey
Regular Advisor

Re: passwd: Authentication token manipulation error

Ivan, can you be a little more clear on what you are saying... thx.
Rick Garland
Honored Contributor

Re: passwd: Authentication token manipulation error

I see this when the acct's corresponding entry is not in the /etc/shadow file.

This is 1 situation in which this error occurs.

Ivan Ferreira
Honored Contributor

Re: passwd: Authentication token manipulation error

How did you create these users? With useradd? Are you using something like NIS or LDAP?

What I mean is that running system-config-authentication you can configure the pam settings for the files located in /etc/pam.d.

In /etc/nsswitch.conf you should have something like this:

passwd: files nis
shadow: files nis
group: files nis
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
joseph wholey
Regular Advisor

Re: passwd: Authentication token manipulation error

Not running NIS or LDAP in my environment.
Vitaly Karasik_1
Honored Contributor

Re: passwd: Authentication token manipulation error

Joseph,
So you're able to login with your user account (and not just "su" from root), but cannot change password using "passwd"?
joseph wholey
Regular Advisor

Re: passwd: Authentication token manipulation error

Correct.
Ivan Ferreira
Honored Contributor

Re: passwd: Authentication token manipulation error

What do you get in the /var/log/messages and /var/log/secure files when you run passwd?
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Ivan Ferreira
Honored Contributor

Re: passwd: Authentication token manipulation error

Also, ensure that the passwd command has the SUID bit enabled and it's owned by root.root.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Vitaly Karasik_1
Honored Contributor

Re: passwd: Authentication token manipulation error

- can you send us output of
"grep passwd /etc/nsswitch.conf"
- is it possible to change root's password?
- is root able to change user's password?
joseph wholey
Regular Advisor

Re: passwd: Authentication token manipulation error

- can you send us output of
"grep passwd /etc/nsswitch.conf"
[root@rhel012 u]# grep passwd /etc/nsswitch.conf
#passwd: db files ldap nis
passwd: files


- is it possible to change root's password?
yes

- is root able to change user's password?
yes
Vitaly Karasik_1
Honored Contributor

Re: passwd: Authentication token manipulation error

Agree with Ivan - permission/ownership of /usr/bin/passwd may be a problem. Let's check integrity of "passwd" package with

rpm -V passwd

command. Output of this command should be empty if everything is OK.
joseph wholey
Regular Advisor

Re: passwd: Authentication token manipulation error

As indicated... no output.
Vitaly Karasik_1
Honored Contributor

Re: passwd: Authentication token manipulation error

"chpw" output?
Steven Mertens
Trusted Contributor

Re: passwd: Authentication token manipulation error

Hello,

Is it possible you never set an initial password for the users you created with root?

Try first setting a password with root for the users you created.
Login with one of the created users and try passwd then.

Hope this helps.

S.
joseph wholey
Regular Advisor

Re: passwd: Authentication token manipulation error


Possible... but not the case. I create the id, set the password, log in for the first time using that password, go to change the password, and then I get the error:

passwd: Authentication token manipulation error

thx

Ivan Ferreira
Honored Contributor

Re: passwd: Authentication token manipulation error

Logs please! /var/log/messages /var/log/secure after the passwd command.

Check permissions for the /etc/passwd and /etc/shadow file.

/etc/passwd root.root -rw-r--r--
/etc/shadow root.root -r--------
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
joseph wholey
Regular Advisor

Re: passwd: Authentication token manipulation error

-rw-r--r-- 1 root root 2558 Mar 30 09:40 /etc/passwd
-r-------- 1 root root 1958 Mar 30 09:40 /etc/shadow


Creating ID and changing password:

/var/log/secure
Mar 30 09:40:55 rhel012 useradd[21436]: new user: name=cognos, uid=206, gid=306, home=/home/cognos, shell=/bin/ksh

/var/log/messages
Mar 30 09:40:55 rhel012 passwd(pam_unix)[21439]: password changed for cognos


ssh'ing into server (as cognos) with above id and password previously created:

/var/log/secure (after logging in as cognos)
Mar 30 09:43:49 rhel012 sshd[21487]: Accepted password for cognos from ::ffff:10.160.11.75 port 35769 ssh2

/var/log/messages (after logging in as cognos)
Mar 30 09:43:49 rhel012 sshd(pam_unix)[21490]: session opened for user cognos by (uid=0)

attempting to change cognos' password as cognos:

$ passwd
Changing password for user cognos.
Changing password for cognos
(current) UNIX password:
passwd: Authentication token manipulation error

/var/log/secure (no new messages)

/var/log/messages
Mar 30 09:48:32 rhel012 passwd(pam_unix)[21582]: authentication failure; logname=cognos uid=206 euid=0 tty=pts/1 ruser= rhost= user=cognos
Ivan Ferreira
Honored Contributor

Re: passwd: Authentication token manipulation error

Are you sure that you are specifying your CURRENT password (used to login) correctly before the NEW password?
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
joseph wholey
Regular Advisor

Re: passwd: Authentication token manipulation error

Well, if I wasn't, how would I be able to log in?
Ivan Ferreira
Honored Contributor

Re: passwd: Authentication token manipulation error

Please post /etc/pam.d/passwd and /etc/pam.d/system-auth
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
joseph wholey
Regular Advisor

Re: passwd: Authentication token manipulation error

[root@rhel012 ~]# cat /etc/pam.d/passwd
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
[root@rhel012 ~]#

[root@rhel012 ~]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
[root@rhel012 ~]#
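
The checks suggested across this thread (a matching /etc/shadow entry, "files" listed for passwd and shadow in /etc/nsswitch.conf, the modes Ivan lists for /etc/passwd and /etc/shadow, and a SUID root.root passwd binary), gathered into one read-only script. This is an added example, not part of any post above; the function names are hypothetical and it assumes GNU stat as shipped on RHEL.

```shell
#!/bin/sh
# Added example: read-only versions of the checks suggested in this thread.
# Defaults are the real system files; pass other paths to run against copies.

# Succeeds if user $1 has a line in the colon-separated account file $2.
has_entry() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# Prints the sources of the active (uncommented) line for database $1 in $2.
# A commented line such as "#passwd: db files ldap nis" is ignored.
nss_sources() {
    awk -v db="$1:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }' "$2"
}

# Prints one line per finding for user $1; prints nothing if all checks pass.
# Args 2-5 (optional): passwd file, shadow file, nsswitch.conf, passwd binary.
check_user() {
    cu_user=$1 cu_pw=${2:-/etc/passwd} cu_sh=${3:-/etc/shadow}
    cu_nss=${4:-/etc/nsswitch.conf} cu_bin=${5:-/usr/bin/passwd}

    # Account must exist in both files; a missing shadow line breaks passwd.
    has_entry "$cu_user" "$cu_pw" || echo "no entry for $cu_user in $cu_pw"
    has_entry "$cu_user" "$cu_sh" || echo "no entry for $cu_user in $cu_sh"

    # Both databases should resolve through local files.
    for cu_db in passwd shadow; do
        case " $(nss_sources "$cu_db" "$cu_nss") " in
            *" files "*) ;;
            *) echo "no active '$cu_db' line listing files in $cu_nss" ;;
        esac
    done

    # Modes quoted in the thread: -rw-r--r-- and -r--------.
    [ "$(stat -c %a "$cu_pw")" = 644 ] || echo "$cu_pw mode is not 644"
    [ "$(stat -c %a "$cu_sh")" = 400 ] || echo "$cu_sh mode is not 400"

    # passwd needs the SUID bit and root.root ownership to update shadow.
    [ -u "$cu_bin" ] || echo "$cu_bin is not SUID"
    [ "$(stat -c %U:%G "$cu_bin")" = root:root ] || echo "$cu_bin is not root:root"
    return 0
}

# Usage: sh check.sh cognos   (run as root so /etc/shadow is readable)
if [ "$#" -gt 0 ]; then check_user "$@"; fi
```

An empty result rules out only these file-level causes; the PAM stack and the log lines still have to be read separately.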