Local user not able to change password

bentech4u

Hi,

I have an issue with a CentOS system where I am not able to change a local user's password.

Code:
[user1@SERVER1 ~]$ passwd
Changing password for user user1.
Changing password for user1.
(current) UNIX password:
passwd: Authentication token manipulation error

At the same time, /var/log/secure is printing the messages below:

Code:
Sep  1 10:38:22 SERVER1 unix_chkpwd[40690]: check pass; user unknown
Sep  1 10:38:32 SERVER1 unix_chkpwd[42164]: check pass; user unknown
Sep  1 10:38:32 SERVER1 unix_chkpwd[42164]: password check failed for user (user1)
Sep  1 10:38:32 SERVER1 passwd: pam_unix(passwd:chauthtok): authentication failure; logname= uid=1030 euid=1030 tty=pts/1 ruser= rhost=  user=user1

system-auth file:

Code:
auth        required      pam_env.so
auth required   pam_tally2.so deny=3
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so
account required pam_tally2.so

password        requisite pam_cracklib.so try_first_pass retry=3 difok=0 ocredit=-0 dcredit=-1 ucredit=-1 lcredit=-1 minlen=10  maxrepeat=3
password        sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=12
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

password-auth file:
Code:
auth        required      pam_env.so
auth required   pam_tally2.so deny=3
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so
account required pam_tally2.so

password        requisite pam_cracklib.so try_first_pass retry=3 difok=0 ocredit=-0 dcredit=-1 ucredit=-1 lcredit=-1 minlen=10  maxrepeat=3
password        sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=12
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so


Please help me to fix this.

regards,
Ben
 


Which version of CentOS are you using?
 
CentOS 6 is End of Life; upgrade to a supported version. It doesn't seem to be a user problem, because you are logged in with that user. Your password should meet the requirements defined in your PAM configuration, or else it will refuse to accept it as a valid new password.
password requisite pam_cracklib.so try_first_pass retry=3 difok=0 ocredit=-0 dcredit=-1 ucredit=-1 lcredit=-1 minlen=10 maxrepeat=3
 


I replaced that line with the one below:

password requisite pam_cracklib.so try_first_pass retry=3 type=

Still the same.

As the logged-in user:

Changing password for user user1.
Changing password for user1.
(current) UNIX password:
passwd: Authentication token manipulation error

This means it is not even allowing me to enter a new password.
 
UPDATE:

I did "chmod u+s /sbin/unix_chkpwd" and it changed the behavior.

Changing password for user user1.
Changing password for user1.
(current) UNIX password:
New password:
Retype new password:

passwd: Authentication token manipulation error

Now the server is accepting the current password but fails to change it; previously it was not even accepting the password. At the same time, the error in the secure file changed to the one below:

Code:
passwd: pam_unix(passwd:chauthtok): can't open /etc/security/opasswd file to check old passwords
 
REMINDER: CentOS 6 is End of Life, upgrade to a supported version.

What are the permissions of the following files now?
Code:
ls -l /sbin/unix_chkpwd /etc/security/opasswd
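
The permission question above can be turned into a repeatable check. The shell function below is an added example, not part of the thread: it flags a missing setuid bit on passwd and unix_chkpwd (the log earlier in the thread shows euid=1030 for passwd) and a missing or loosely permissioned /etc/security/opasswd when a pam_unix password line sets remember=. The ROOT argument, the finding labels and the expected opasswd mode (no group/other access) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Audits the files a local password
# change depends on. ROOT is a hypothetical parameter so the check can run
# against a copied tree; on a live host call: audit_pam_passwd /
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_pam_passwd() {
    root=${1%/}
    opasswd="$root/etc/security/opasswd"
    findings=0

    # passwd and the pam_unix helper unix_chkpwd must be setuid so that an
    # unprivileged caller can have /etc/shadow read and updated.
    for bin in "$root/usr/bin/passwd" "$root/sbin/unix_chkpwd"; do
        if [ ! -x "$bin" ]; then
            echo "MISSING $bin"; findings=1
        elif [ ! -u "$bin" ]; then
            echo "NO_SETUID $bin"; findings=1
        fi
    done

    # remember=N on a pam_unix password line makes pam_unix read opasswd.
    for conf in "$root/etc/pam.d/system-auth" "$root/etc/pam.d/password-auth"; do
        [ -f "$conf" ] || continue
        grep -Eq '^[[:space:]]*password[[:space:]].*pam_unix\.so.*remember=[0-9]+' \
            "$conf" || continue
        if [ ! -f "$opasswd" ]; then
            echo "OPASSWD_MISSING $opasswd (remember= set in $conf)"; findings=1
        else
            mode=$(stat -c '%a' "$opasswd")   # GNU stat, as shipped on CentOS
            case $mode in
                *00) ;;                        # no group/other access
                *) echo "OPASSWD_MODE $mode $opasswd"; findings=1 ;;
            esac
        fi
        break
    done
    return "$findings"
}
```

A finding of NO_SETUID on more than one binary suggests comparing the whole package against its manifest (for example with `rpm -V pam passwd`) rather than fixing files one by one.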
 
