出现“passwd:Authentication token manipulation error”这种问题需要考虑以下情况:
1、错误出现在输入完新密码后
问题:/etc/passwd, /etc/shadow文件被锁住,不允许修改。
[root@weijing ]# lsattr /etc/passwd ----i-------- /etc/passwd [root@weijing ]# lsattr /etc/shadow ----i-------- /etc/shadow [root@weijing ]# passwd weijing Changing password for user weijing. New UNIX password: BAD PASSWORD: it is based on a dictionary word Retype new UNIX password: passwd: Authentication token manipulation error
解决方法:
[root@weijing ]# chattr -i /etc/shadow [root@weijing ]# chattr -i /etc/passwd [root@weijing ]# lsattr /etc/passwd ------------- /etc/passwd [root@weijing ]# lsattr /etc/shadow ------------- /etc/shadow
2、系统磁盘或者inode 100%满了,导致修改用户报错,通过df -h及df -i查看
3、输入完passwd后立即报错
应该是/etc/pam.d/认证的地方出问题了
[root@weijing ~]# passwd weijing Changing password for user weijing . passwd: Authentication token manipulation error You have new mail in /var/spool/mail/root
注释了password:
[root@weijing ~]# cat /etc/pam.d/passwd #%PAM-1.0 auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth #password required pam_stack.so service=system-auth
解决方法:
[root@weijing ~]# cat /etc/pam.d/passwd #%PAM-1.0 auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth
3、/etc/pam.d/system-auth 文件内容被清空。
添加如下:
[root@weijing ~]# cat /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account required /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so