cannot change password: Authentication token manipulation error

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

cannot change password: Authentication token manipulation error

Frédéric
Hi,

I cannot change the root password:
# LANG=en_US.UTF-8 passwd
Changing password for user root.
New password:
Retype new password:
passwd: Authentication token manipulation error

I tried what is said here:
https://www.tecmint.com/fix-passwd-authentication-token-manipulation-error-in-linux/
without success (I did not find tool pam-auth-update, it's probably ubuntu):
- reboot
- mount -o remount,rw /
- chmod 640 /etc/shadow

Regards,

F
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: cannot change password: Authentication token manipulation error

Frédéric
> I cannot change the root password:
> # LANG=en_US.UTF-8 passwd
> Changing password for user root.
> New password:
> Retype new password:
> passwd: Authentication token manipulation error

Anybody has an idea?

Kind regards,

F
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: cannot change password: Authentication token manipulation error

Samuel Sieb
On 1/8/19 9:57 PM, Frédéric wrote:
>> I cannot change the root password:
>> # LANG=en_US.UTF-8 passwd
>> Changing password for user root.
>> New password:
>> Retype new password:
>> passwd: Authentication token manipulation error
>
> Anybody has an idea?

Why do you need to set the LANG?
Have you checked the journal for any messages?
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: cannot change password: Authentication token manipulation error

Samuel Sieb
On 1/8/19 10:59 PM, Samuel Sieb wrote:

> On 1/8/19 9:57 PM, Frédéric wrote:
>>> I cannot change the root password:
>>> # LANG=en_US.UTF-8 passwd
>>> Changing password for user root.
>>> New password:
>>> Retype new password:
>>> passwd: Authentication token manipulation error
>>
>> Anybody has an idea?
>
> Why do you need to set the LANG?
> Have you checked the journal for any messages?

Also, what is the result of "echo $?" run right after the passwd attempt?
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: cannot change password: Authentication token manipulation error

Frédéric
> Why do you need to set the LANG?

to get the error message in English to post to this list.

> Have you checked the journal for any messages?

I guess this is what matters:
AVC avc:  denied  { create } for  pid=6267 comm="passwd"
name="nshadow" scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:etc_t:s0 tclass=file permissive=0

Jan 09 09:05:16 gamma su[6232]: (to root) fred on pts/0
Jan 09 09:05:16 gamma audit[6232]: CRED_ACQ pid=6232 uid=1000
auid=1000 ses=6
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su"
hostname=gamma addr=? terminal=pts/0 res=success'
Jan 09 09:05:16 gamma su[6232]: pam_systemd(su-l:session): Cannot
create session: Already running in a session
Jan 09 09:05:16 gamma su[6232]: pam_unix(su-l:session): session opened
for user root by (uid=1000)
Jan 09 09:05:16 gamma audit[6232]: USER_START pid=6232 uid=1000
auid=1000 ses=6
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='op=PAM:session_open
grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth
acct="root" exe="/usr/bin/su" hostname=gam>
Jan 09 09:05:44 gamma audit[1]: SERVICE_STOP pid=1 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd"
hostname=? addr=? terminal=? res=success'
Jan 09 09:06:04 gamma audit[6267]: AVC avc:  denied  { create } for
pid=6267 comm="passwd" name="nshadow"
scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:etc_t:s0 tclass=file permissive=0
Jan 09 09:06:04 gamma audit[6267]: USER_CHAUTHTOK pid=6267 uid=0
auid=1000 ses=6 subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023
msg='op=PAM:chauthtok grantors=? acct="root" exe="/usr/bin/passwd"
hostname=gamma addr=? terminal=pts/0 res=failed'
Jan 09 09:06:04 gamma passwd[6267]: gkr-pam: couldn't update the login
keyring password: no old password was entered


> Also, what is the result of "echo $?" run right after the passwd attempt?

1
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: cannot change password: Authentication token manipulation error

Frédéric
> > sudo touch /.autorelabel

I did that + reboot and now passwd works.
Thanks a lot!

F
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...