passwd: Authentication token manipulation error

Latest response

Ran ansible user password change playbook and now I can't change the user password. Tried to ran passwd from the console but getting the error:
" passwd: Authentication token manipulation error". Anyone ever encountered this error?


Sisheer Guragain, as a starting point, try this link,

Also, let's say the username is "elvis", try this

Also try /sbin/pam_tally2 --user elvis and /sbin/faillock --user elvis and /sbin/faillock --reset --user elvis See that article too, let us know how it goes

I have tried everything, matter of fact, I can't change any other user's password even I am doing so as a root.

I fixed the problem. Had to fix system-auth and password-auth files and the issue got resolved. Thanks.

I suspect this is my problem as well. Can you share the changes you made to both files?

Regards, Greg Lindenfelser

Glad you got it resolved!

Perhaps consider posting the changes here you made for anyone else who faces a similar issue as you,


Greg, I do not remember exactly what I did since it's been a year already :) but please try removing use_authtok from both /etc/pam.d/system-auth and password-auth and give it a try ( just to test it ). Hope that helps.

Removing 'use_authtok' worked for me. Thanks for the tip!

"passwd: Authentication token manipulation error"

This error happened mostly on /etc/pam.d/system-auth & password-auth If you had change some configurations on that configuration file please make sure what you change is right even spelling of the text.

Can share how do you fix the system_auth and password_auth? thanks

Remove 'use_authok' from the following files:

/etc/pam.d/password-auth-local password requisite use_authtok remember=5 retry=3


password requisite use_authtok remember=5 retry=3

Updating password-auth and system-auth files fixed my issue. I didnot remove use_authok entry, instead I added "password required retry=3 minlen=8 dcredit=-1 ucredit=0 lcredit=-1 ocredit=0 reject_username" in both the files as per our techspec which fixed the issue.