Cannot Change Password for Local Users

Solution Verified - Updated -

Environment

Red Hat Enterprise Linux 7

Issue

Running ‘passwd’ results in a “passwd: Authentication token manipulation error”:

[root@server ]# passwd testuser
Changing password for user testuser.
passwd: Authentication token manipulation error
  • All local users on the system are affected by the inability to update or change passwords.
  • The basic troubleshooting steps outlined in solutions article 21693 have been exhausted.
  • The issue persists even after .lock files in /etc/ for passwd, groups, shadow, and gshadow have been found and removed.
  • Properly removing the use_authtok option in /etc/pam.d/system-auth and /etc/pam.d/password-auth does not resolve the issue.

Resolution

You may need to enable sssd, sssdauth, and mkhomedir within your PAM configuration. To do this, follow the steps below:

  • It is strongly recommended that backups be made prior to changing anything in PAM, using the --savebackup option:
# authconfig --savebackup=/backups/authconfigbackup-$(date +"%m-%d-%y-%T")
  • After backups are made, execute the following command:
# authconfig --enablesssd --enablesssdauth --enablemkhomedir --updateall
  • Run the 'passwd' command against a user to verify if their password can be updated.
  • A reboot may be needed if the error persists after making these changes.
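
The following is an added example, not part of the original article: a small check of the "password" stack that authconfig rewrites, useful for comparing a PAM file before and after the change. The function name password_stack_report and both sample files are constructed for illustration; the use_authtok check assumes the general PAM behaviour that this option makes a module reuse a token supplied by an earlier module in the stack.

```shell
#!/bin/bash
# Added example: summarise the "password" stack of one PAM file.
# Reports the modules in order, whether pam_sss.so is present, and whether the
# first module carries use_authtok (nothing earlier can supply its token).
password_stack_report() {
    awk '
        $1 == "password" || $1 == "-password" {
            # The control field may be bracketed and contain spaces, so the
            # module is located as the first field ending in ".so".
            for (i = 3; i <= NF; i++) if ($i ~ /\.so$/) break
            if (i > NF) next          # include/substack line, no module
            n++
            name = $i; sub(/.*\//, "", name)
            sep = (n > 1) ? "," : ""
            mods = mods sep name
            if (name == "pam_sss.so") sss = "yes"
            for (j = i + 1; j <= NF; j++)
                if ($j == "use_authtok" && n == 1) first = "yes"
        }
        END {
            printf "modules=%s sss=%s first_use_authtok=%s\n",
                   mods, (sss ? sss : "no"), (first ? first : "no")
        }
    ' "$1"
}

# Constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
cat > "$demo_dir/good" <<'EOF'
auth        required      pam_env.so
password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_sss.so use_authtok
password    required      pam_deny.so
EOF
cat > "$demo_dir/broken" <<'EOF'
password    sufficient    pam_unix.so sha512 shadow nullok use_authtok
password    required      pam_deny.so
EOF

password_stack_report "$demo_dir/good"
password_stack_report "$demo_dir/broken"
```

On a real system, run the function against /etc/pam.d/system-auth and /etc/pam.d/password-auth before and after the authconfig command and compare the two reports.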

To restore the previous PAM settings for any reason, follow the instructions below:

  • Restore:
# authconfig --restorebackup=/backups/<your-authconfigbackup-file>

OR

  • Restore from Last Backup:
# authconfig --restorelastbackup

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
