Getting error as "You must wait longer to change your password" while changing user password in Red Hat Enterprise Linux

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 5/6

Issue

  • While changing the user password getting following error:
You must wait longer to change your password  
passwd: Authentication token manipulation error
  • User is unable to change its password and getting error as "You must wait longer to change your password".
  • Copied the user passwd entries from a BSD box. That may be what is causing the problem. However, pwck come back clean.

Resolution

  • First check password aging policies/information for user as follows:
# chage -l user  
Last password change: Feb 07, 2011  
Password expires: May 08, 2011  
Password inactive: never  
Account expires: never  
Minimum number of days between password change: 7       <---
Maximum number of days between password change: 90  
Number of days of warning before password expires: 28

  • If Minimum number of days required for password change is set to 7 days then it will prompt an error message as You must wait longer to change your password while changing password using command passwd

  • Change the password aging information to linux defaults and try to change the password.
    Changing 4th field to '0' will change Minimum number of days between password change to '0' so that user will be able to change its password without any restrictions.
    Make following changes to "/etc/shadow" file as root user:

user:$1$rmOPqlKQ$DMS2VsQuV/LNh8it5jT.N0:15012:0:99999:7:::     <---

OR

  • Expire the user's password using root account:
# chage -d 0 user
  • Then check again for password aging information for user:
* # chage -l user  
Last password change: Feb 07, 2011  
Password expires: May 08, 2011  
Password inactive: never  
Account expires: never  
Minimum number of days between password change: 0    <---  
Maximum number of days between password change: 90  
Number of days of warning before password expires: 28
  • Try to change the password and it should work now.

Root Cause

  • The issue mentioned above seems to be due to user password expiry settings are too restrictive.

  • Minimum number of days between password change was set to 7 days so password change was not allowed before 7 days. The error You must wait longer to change your password was suggesting the same.

Diagnostic Steps

  • Are the users present in /etc/passwd also do exist in /etc/shadow ?

  • If /etc/passwd and /etc/shadow are inconsistent, execute the command 'pwconv' to sync the user details.

$ pwconv

  • Any changes in PAM configurations (Check ordering of modules in PAM stack)?

  • Copy "/etc/passwd" and "/etc/shadow" entry for any user to local system and try to able to reproduce the issue.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments