
2020-05-19

Linux: passwd: Authentication token manipulation error

Product: RHEL 7.5, CentOS 7.5
Version: 7.5

Resolved a strange password change error in RHEL 7.5/CentOS 7.5 that was not encountered in earlier RHEL versions.

Steps to reproduce:
1. Log in to Linux with a regular user account whose password has expired
2. Linux forces the user to change the password after login
3. After entering the new password, the user gets the error "Authentication token manipulation error"

Last login: Fri May 1 18:04:55 2020 from 192.168.1.13
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user wasadmin.
Changing password for wasadmin.
(current) UNIX password:
New password:
Retype new password:
passwd: Authentication token manipulation error

Connection to local-centos75 closed.

Searched many Internet forums for the above error message, but found nothing related. In other words, none of the workarounds work.

So I went through the PAM-related log and found the clue:

/var/log/secure 
May 19 11:15:15 local-centos75 su: pam_unix(su-l:account): expired password for user support (root enforced)
May 19 11:15:36 local-centos75 su: pam_unix(su-l:chauthtok): can't open /etc/security/opasswd file to check old passwords

The error above is valid: the file "opasswd" really is missing. This file is supposed to keep historical passwords, which prevents a UNIX user from re-using older passwords (default 10).

Workaround

Re-create /etc/security/opasswd using the following procedure:

sudo touch /etc/security/opasswd
# remove read permission for group and others, leaving the file at rw------- (0600)
sudo chmod go-r /etc/security/opasswd
ls -lZ /etc/security/opasswd
-rw-------. root root system_u:object_r:passwd_file_t:s0 /etc/security/opasswd
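
The same workaround as a repeatable check-and-repair, added here as an example and not part of the original post. The function names and the optional owner-uid argument are hypothetical, introduced so the logic can be tried on a scratch file; it assumes GNU stat as shipped with RHEL/CentOS.

```shell
#!/bin/sh
# Added example (not from the original post): audit and repair the
# pam_unix password-history file.  Run as root against the real path:
#     repair_opasswd /etc/security/opasswd
# The optional second argument (expected owner uid, default 0) is an
# assumption of this sketch so the functions can be tried on a scratch file.

# Print one of: missing | not-regular | bad-owner:UID | bad-mode:MODE | ok
check_opasswd() {
    f=$1; want_uid=${2:-0}
    # Test for a symlink first: -e follows links and would hide one.
    if [ -L "$f" ]; then echo not-regular; return 0; fi
    if [ ! -e "$f" ]; then echo missing; return 0; fi
    if [ ! -f "$f" ]; then echo not-regular; return 0; fi
    uid=$(stat -c '%u' "$f")
    mode=$(stat -c '%a' "$f")
    if [ "$uid" != "$want_uid" ]; then echo "bad-owner:$uid"; return 0; fi
    if [ "$mode" != 600 ]; then echo "bad-mode:$mode"; return 0; fi
    echo ok
}

# Create the file or tighten its mode; refuse anything unexpected.
repair_opasswd() {
    f=$1; want_uid=${2:-0}
    case $(check_opasswd "$f" "$want_uid") in
        ok) return 0 ;;
        missing)
            # umask 077 gives 0600 from the start; noclobber (set -C) makes
            # the redirect fail if the path appears in the meantime.
            ( umask 077; set -C; : > "$f" ) || return 1 ;;
        bad-mode:*)
            chmod 600 "$f" || return 1 ;;
        *)
            # Symlink, non-regular file or wrong owner: investigate by hand.
            return 1 ;;
    esac
    # On SELinux hosts, reset the label to the policy default (best effort).
    if command -v restorecon >/dev/null 2>&1; then
        restorecon "$f" >/dev/null 2>&1 || true
    fi
    [ "$(check_opasswd "$f" "$want_uid")" = ok ]
}
```

A file that already holds old password hashes but is group- or world-readable is reported as bad-mode and tightened in place rather than recreated, so the existing history is kept.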

1 comment:

Freddie Rarick said...

I encountered the 'passwd: Authentication token manipulation error' on Linux while changing my password. With the help of qFlipper, I found the solution quickly!