Authentication token manipulation error changing linux users password

  • Blog
  • Authentication token manipulation error changing linux users password

Knowledge Base

Authentication token manipulation error changing linux users password

Table of Contents

Intro #

From a RELIANOID ADC system, there is a situation where the password of an user couldn’t be changed. The logs system shows something like:

Jul 27 11:57:23 relianoid10-lb enterprise.bin[80915]: (INFO) webgui :: STATUS: 200 REQUEST: GET /zapi/v4.0/zapi.cgi/system/users
Jul 27 11:57:35 relianoid10-lb dhclient[527]: XMT: Solicit on eth0, interval 113070ms.
Jul 27 11:57:38 relianoid10-lb enterprise.bin[80988]: (INFO) api :: POST DATA: {"password":"*******","newpassword":"*******"}
Jul 27 11:57:38 relianoid10-lb enterprise.bin[80988]: (INFO) rbac :: Request from johndoe to POST /system/users. Action allowed
Jul 27 11:57:38 relianoid10-lb enterprise.bin[80988]: (ERROR) Error trying to change the johndoe password
Jul 27 11:57:38 relianoid10-lb enterprise.bin[80988]: (ERROR) webgui :: Modify the user johndoe: Changing the password in the RBAC user johndoe.
Jul 27 11:57:38 relianoid10-lb enterprise.bin[80988]: (INFO) webgui :: STATUS: 400 REQUEST: POST /zapi/v4.0/zapi.cgi/system/users
Jul 27 11:57:38 relianoid10-lb enterprise.bin[80988]: (INFO) webgui :: Changing the password in the RBAC user johndoe.

If PAM authentication modules are enabled in a Linux System to apply some security and hardened user management, if some manual manipulation is done in /etc/passwd, /etc/shadow or /etc/group files, there is a weird but possible situation that some inconsistencies are found in the user creation procedure.

johndoe@noid-ee-01:/$ passwd johndoe
passwd: Authentication token manipulation error
passwd: password unchanged

This error doesn’t allow to change the password to a system user from the Linux command line. To address this issue you can try several things, see below.

Try the command pwconv #

If you execute this command from the administrator user, the files /etc/passwd and /etc/shadow are regenerated. Please, consider to make a backup to those files before applying this command.

root@noid-ee-01:/$ pwconv

If the pwconv command doesn’t work, please try the next one.

Try the command pam-auth-update #

PAM is a set of modules for authentication to a linux system. This command reconfigures the central authentication policy for the PAM system in the Linux server using the pre-defined profiles.

root@noid-ee-01:/$ pam-auth-update

If the pam-auth-update doesn’t work, then apply the next one.

Try a system reboot #

Probably, a failure with the filesystem mount could be found, so please try as the last option to fix this problem.

SHARE ON: #
What are your Feelings

Powered by BetterDocs