Getting an "Authentication token manipulation" error when trying to change my user password
I am logging in to my Ubuntu Server using my username. Once I am logged in I am typing
passwdcommand. Entering a new password but a second after getting following error messages:
passwd: Authentication token manipulation error passwd: password unchanged
What is wrong here? How can I change my password otherwise if I don't have access to that server physically, i.e. I am connecting remotely with
The first prompt asks for your CURRENT password. Have you done that, cause if you just typed the new one, you'll get the error message you say..
i have the same problem, and find the answer from this link https://help.ubuntu.com/community/LostPassword https://blog.imammubin.com/reset-ubuntu-passwd/2014/07/07/ try this code: mount -rw -o remount / hope this helpfull..
@Mubin: That's for an emergency recovery from single-user mode. Since this question is about a logged-in user, we can safely assume it's not a recovery scenario.
If you insert the wrong passwd
$ passwd Changing password for rinzwind. (current) UNIX password: passwd: Authentication token manipulation error passwd: password unchanged
you get this error. If you are sure that you inserted the correct one, this error might also show up if you are using shadowed password files and the shadow doesn’t have an entry for this user (basically
/etc/passwdhas an entry for this user, but
In order to fix this, you can either add the entry manually (make a backup first!!!) or recreate the shadow file with
+1 my passwd/shadow set up was all messed up. Your `pwconv` hint was a lifesaver!
by me it was the problem, that I was entering very simple passwords like only number. try to use some secure password .
@Rinzwind You can see this https://unix.stackexchange.com/questions/429581/how-to-set-entry-point-to-etc-shadow
Do these two things just to make sure:
mount -o remount,rw /
This first part remounts the root partition as read/write since it was only in read mode. It actually dismounts the root partition and then mounts it again as read/write.
Then do this:
chmod 640 /etc/shadow
Then do the
sudo passwd USER. It should work after that. This part gives the correct permissions to the shadow file.
Great, thanks Luis! Should I change the root directory back to Read mode when I finish with this?
@Stew no. It should stay like Read/Write. This is only when you want to fsck the disk for some problems not booting correctly or other issues. By default Ubuntu Server/Desktop should boot with root in Read/Write mode. So this method should not be needed after the problem (any that caused the issue) was solved.
fixed my messed
Aww, yeah. This high-level utility didn't solve the problem, but narrowed it down to "read-only filesystem". From then on - peace of cake.
works wonders if the pam config was wrong and no login possible anymore. From root grub shell execution of pam-auth-update fixed it. thanks @jouell
I'm not sure how it happened. A sudo user created my account then deleted it then created it again.
Here is what I found
mount -o remount,rw / passwd passwd: Authentication token manipulation error
Showed no errors.
Showed no errors.
ls -l /etc/passwd /etc/group /etc/shadow /etc/shadow- -rw-r--r-- 1 root root 767 May 7 16:45 /etc/group -rw-r--r-- 1 root root 1380 May 7 16:45 /etc/passwd -rw-r----- 1 root shadow 1025 May 8 09:11 /etc/shadow -rw------- 1 root root 1025 May 7 16:46 /etc/shadow-
sudo cat /etc/shadow |grep oracle oracle:$6$FsPqyplr$DrIvjFDSx0ipHmECMw1AU5hTrbNMnnkGRdFlaQcM.p3Rdu2OLjY20tzUTW61HlFH16cal56rKlLuW4j2mK9D.:15833:0:99999:7:::
Showed user and encrypted password.
sudo cat /etc/shadow- |grep oracle
Showed nothing. Not sure what that means but doesn't look right.
sudo passwd -d oracle passwd
So the solution was to delete the password then reset new password.
Hope this helps.
This issue occurred due to the incorrect permissions set to
Please try to set the permission as 4511 by using the command:
chmod 4511 /usr/bin/passwd
This will resolve the issue.
The server I was working on was configured with some sort of Windows Authentication through PowerBroker Identity Server(PBIS).
Basically when I input
sudo pam-auth-update, the following options appear:
Unselect the first item of the list using the Space Bar Key to Select/Unselect, and Up/Down arrows if necessary.
Then move to the
OkOption using Tab, and Left/Right arrow keys if necessary.
Press Enter on top of the
After this, I could use
Once you are done with your user configuration, you can go back to
sudo pam-auth-update, and leave the settings as before.
In the general case (i.e. not using the PowerBroker Identity Server(PBIS)), it seems to be important to have the
Unix Authenticationactivated (and no other authentication system).