Home / ubuntu / Questions / 91188
Accepted
era878
Asked: 2011-12-29 21:22:00 +0800 CST

Authentication token manipulation error

  • 772

I forgot my Ubuntu password so I booted into recovery and dropped into a root shell prompt and this is what happened:

root@username-PC:~# passwd username
Enter new UNIX password:
Retype new UNIX password:
passwd: Authentication token manipulation error
passwd: password unchanged
password-recovery

5 Answers

  1. Best Answer

    Also make sure you are mounting the file system read/write.

    After immediately selecting 'Drop into root shell prompt' I found the filesystem was mounted read only, which prevents resetting the password.

    Choosing the option to remount / as read/write and going back into the root shell prompt enabled the password change.

    The command to run prior to changing the password is: mount -rw -o remount /

    • 191

  2. I'm not sure how it happened. A sudo user created my account then deleted it then created it again.

    Here is what I found

    mount -o remount,rw /
passwd
passwd: Authentication token manipulation error

    No change.

    sudo pwck

    Showed no errors.

    sudo grpck

    Showed no errors.

    ls -l /etc/passwd /etc/group /etc/shadow /etc/shadow-
-rw-r--r-- 1 root root    767 May  7 16:45 /etc/group
-rw-r--r-- 1 root root   1380 May  7 16:45 /etc/passwd
-rw-r----- 1 root shadow 1025 May  8 09:11 /etc/shadow
-rw------- 1 root root   1025 May  7 16:46 /etc/shadow-

    Looks normal.

    sudo cat /etc/shadow |grep oracle
oracle:$6$FsPqyplr$DrIvjFDSx0ipHmECMw1AU5hTrbNMnnkGRdFlaQcM.p3Rdu2OLjY20tzUTW61HlFH16cal56rKlLuW4j2mK9D.:15833:0:99999:7:::

    Showed user and encrypted password.

    sudo cat /etc/shadow- |grep oracle

    Showed nothing. Not sure what that means but doesn't look right.

    sudo passwd -d oracle
passwd

    So the solution was to delete the password then reset new password.

    Hope this helps.

    I originally posted here Getting an "Authentication token manipulation" error when trying to change my user password but google shows this result first so, I re-posted.

    • 18

  3. I got this error by changing password with device where date was not set. (ie. it was random after boot)

    Basically what happened was that when I changed the password the illegal timestamp got updated to /etc/shadow. After that one could not use that account to login or change its password. Even with root account it was impossible to change that password again.

    To fix the account I had to:

    1. Set the correct date
    2. Edit sane expiration/last password change dates to /etc/shadow file (I used last working shadow file)
    3. Change the password with root-rights to new one.
    • 5

  4. This error is coming from PAM (Pluggable Authentication Module) which says the module was unable to obtain the new authentication token (check auth.log for more details about this error).

    This is related to your authorization settings found in /etc/pam.d/ directory (such as minimum_uid in common-auth or some other restrictions requisite marks). So please double check that the settings in PAM module are correct.

    See: man pam_chauthtok

    PAM_AUTHTOK_ERR: A module was unable to obtain the new authentication token.

    Sometimes this error may happen when changing password for a user which didn't have the current password set yet and passwd still asks for it, so the workaround is to force the change by adding sudo, e.g.: sudo passwd $USER.

    • 5

  5. If you have LikeWise or PowerBroker installed, this will occur for root. I was forced to uninstall pbis-open (which i was not using anymore).

    sudo aptitude purge pbis-open pbis-open-legacy pbis-open-gui pbis-open-upgrade
    • 0