Sometimes when We use the passwd command in Linux to set or change user account passwords, we may encounter the error: "passwd: Authentication token manipulation error".
Specifically, When trying to access the root account using the 'sudo -i' command, you are prompted for the 'root' password to log into the 'root' account. The first time you do this, you must change the password.
To authenticate the change, you are asked to re-enter the current password provided. After that, you can enter your new password (it will ask for this twice, once to create it and once to confirm) and the 'root' password will be set to the new value.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related Linux queries.
Nature of passwd: authentication token manipulation error in Linux
Recently, we had a customer who tried to log in to his CentOS server with the username "linuxapt". He was trying to change the password using passwd utility. However, within seconds he receives the following error message:
# su - linuxap
$ passwd linuxap
Changing password for user linuxap
Changing password for linuxap
(current) UNIX password:
passwd: Authentication token manipulation error
How to fix Linux passwd: authentication token manipulation error ?
1. Set Correct PAM Module Settings
A possible cause of the error can be the wrong PAM (Pluggable Authentication Module) settings. It can make the module unable to obtain the new authentication token entered.
We can find the various settings for PAM in /etc/pam.d/:
$ ls -l /etc/pam.d/
-rw-r--r-- 1 root root 142 Mar 23 2017 abrt-cli-root
-rw-r--r-- 1 root root 272 Mar 22 2017 atd
-rw-r--r-- 1 root root 192 Jan 26 07:41 chfn
-rw-r--r-- 1 root root 192 Jan 26 07:41 chsh
-rw-r--r-- 1 root root 232 Mar 22 2017 config-util
-rw-r--r-- 1 root root 293 Aug 23 2016 crond
-rw-r--r-- 1 root root 115 Nov 11 2010 eject
lrwxrwxrwx 1 root root 19 Apr 12 2012 fingerprint-auth -> fingerprint-auth-ac
-rw-r--r-- 1 root root 659 Apr 10 2012 fingerprint-auth-ac
-rw-r--r-- 1 root root 147 Oct 5 2009 halt
-rw-r--r-- 1 root root 728 Jan 26 07:41 login
-rw-r--r-- 1 root root 172 Nov 18 2016 newrole
-rw-r--r-- 1 root root 154 Mar 22 2017 other
-rw-r--r-- 1 root root 146 Nov 23 2015 passwd
lrwxrwxrwx 1 root root 16 Apr 12 2012 password-auth -> password-auth-ac
-rw-r--r-- 1 root root 896 Apr 10 2012 password-auth-ac
For instance, a misconfigured /etc/pam.d/common-password file can result in this error.
We can fix this issue by running the pam-auth-update command with root privileges:
$ sudo pam-auth-update
2. Set Correct Permissions on Shadow File
/etc/shadow file stores actual passwords for user accounts in an encrypted format. Wrong permission in this file can also cause the error.
To check the permissions on this file, we run:
$ ls -l /etc/shadow
Then to set the correct permissions on it, we use the chmod command:
$ sudo chmod 0640 /etc/shadow
3. Remount Root Partition
We might also see this error if the / partition is mounted as read-only. This means no file can modify. Thus we cannot set or change a user's password.
To fix this error, we need to mount the root partition as read/write:
$ sudo mount -o remount,rw /
4. Free Up Disk Space
Suppose, our disk is full. In such a case, we cannot modify any file on the disk especially when the file’s size is meant to increase. This may eventually cause the error.
Here, we can try to remove any unwanted files so that there is no issue of lack of space.
In order to make the space, it is easier if we use tools like FSlint or BleachBit. They can help us to identify unwanted files and clean up the disk thus providing more space.
5. Reboot System
Another possible method is to try and reboot the system. This may fix the issue in some cases.
We can do this using:
$ sudo reboot
6. Repair and Fix Filesystem Errors
If none of the above methods work, we can try this method.
Minor storage drive or filesystem errors can also cause the error in question. Linux disk scanning tools such as fsck can fix such errors.
However, We recommend trying out fsck commands on test Linux servers with the help of system administrators or if we are pretty much experienced with fsck and it works.
We must always keep in mind to unmount a partition before we run fsck on it.
[Need help with with fixing Linux System errors? We can help you. ]