linux中修改用户密码报错 passwd:Authentication token manipulation error

出现“passwd:Authentication token manipulation error”这种问题需要考虑以下情况:

1、错误出现在输入完新密码后
问题:/etc/passwd, /etc/shadow文件被锁住,不允许修改。

[root@weijing ]# lsattr /etc/passwd 
----i-------- /etc/passwd
[root@weijing ]# lsattr /etc/shadow
----i-------- /etc/shadow

[root@weijing ]# passwd weijing
Changing password for user weijing.
New UNIX password: 
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password: 
passwd: Authentication token manipulation error

解决方法:

[root@weijing ]# chattr -i /etc/shadow 
[root@weijing ]# chattr -i /etc/passwd
[root@weijing ]# lsattr /etc/passwd
------------- /etc/passwd
[root@weijing ]# lsattr /etc/shadow 
------------- /etc/shadow

2、系统磁盘或者inode 100%满了,导致修改用户报错,通过df -h及df -i查看

3、输入完passwd后立即报错
应该是/etc/pam.d/认证的地方出问题了

[root@weijing ~]# passwd weijing
Changing password for user weijing .
passwd: Authentication token manipulation error
You have new mail in /var/spool/mail/root

注释了password:

[root@weijing ~]# cat /etc/pam.d/passwd 
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
#password   required    pam_stack.so service=system-auth

解决方法:

[root@weijing ~]# cat /etc/pam.d/passwd 
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
password   required    pam_stack.so service=system-auth

3、/etc/pam.d/system-auth 文件内容被清空。
添加如下:

[root@weijing ~]# cat /etc/pam.d/system-auth 
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow    
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

发表评论