Recently, I was changing password of a user in Linux when I encountered this ‘Authentication Token Manipulation Error’.
I used the usual passwd command to change the password and it threw me this error and password was not changed.
sudo passwd my_user_name
Changing password for user my_user_name
Changing password for my_user_name
(current) UNIX password:
passwd: Authentication token manipulation error
passwd: password unchanged
Fixing Authentication Token Manipulation Error in Ubuntu
The ‘Authentication Token Manipulation Error’ simply means that for some reasons, the password change wasn’t successful.
There could be a number of reasons for that. In simple cases, you’ll see the root cause of the issue in the output itself. For example, if you didn’t supply a password, you should see it in the error:
No password supplied
passwd: Authentication token manipulation error
passwd: password unchanged
Similarly, if the password retype mismatched, it will show that info as well:
Sorry, passwords do not match
passwd: Authentication token manipulation error
passwd: password unchanged
That’s easy because you know what caused the issue and you can take a corrective action based on that. But you might not always be that lucky because in some cases, you won’t see any useful information, just the error.
Let’s see some of these cases and fix this issue.
Method 1
If you know the Linux directory structure, you know that the /etc/shadow directory keeps the password in encrypted format along with a few other information about users and their password.
This is why you should make sure that you have the permission to read and write on this file. Since you’ll be changing the password as the superuser, this file should have read and write permission for the root.
ls -l /etc/shadow
-rw-r----- 1 root shadow 1488 Oct 14 18:07 /etc/shadow
If that’s not the case, then you should set the correct permission:
sudo chmod 640 /etc/shadow
Method 2
The method 1 will work in most cases. But in my case, I had to remount root partition with read and write permission. I was trying to reset my admin password in Ubuntu actually.
mount -rw -o remount /
In some rare cases, your disk might be so full that you cannot make any changes to the /etc/shadow file. But if that’s the case, then you’ll be facing a lot of other issues as well.
Did it work for you?
I shared what worked for me and I can only hope that it worked for you as well. Did it? Which method worked for you? Do mention it in the comments.
Touchy topic with “Shadow file really being a secret system file contained in a System operated Secure Directory as /etc. Few distros might even create another copy “gshadow” even ” gshadow- “. Features of umask and the gecko of Permissions might be up to review – one per a secure method might balk at permissions of 640 for shadow file alone!, and might consider 600 as their choice for integrity and use for more secure presence, Shadow contains all passwd hash. If able to read by the group users or Travelers and operators say permissions of 644 of an OS having read access might present any admin with a puzzle to keep notice to what is available for allowance to what who can see and read these files. Home Hobby Users still might consider what web site can read thru crafty scripts their hard drive contents. tip to thinking what exposed files can be taken on a simple unnoticed visit and X-days later be compromised. be a something surely to be aware – or keep good backups. (surely is a something to consider! ). Maybe most files in /etc and contained should be 600 as permissions hold. Lively Topic.