linux 修改用户密码 报错 linux中修改用户密码报错 passwd：Authentication token manipulation error...

出现“passwd：Authentication token manipulation error”这种问题需要考虑以下情况：

1、错误出现在输入完新密码后

问题：/etc/passwd, /etc/shadow文件被锁住，不允许修改。

[root@weijing ]# lsattr /etc/passwd

----i-------- /etc/passwd

[root@weijing ]# lsattr /etc/shadow

----i-------- /etc/shadow

[root@weijing ]# passwd weijing

Changing password for user weijing.

New UNIX password:

BAD PASSWORD: it is based on a dictionary word

Retype new UNIX password:

passwd: Authentication token manipulation error

解决方法：

[root@weijing ]# chattr -i /etc/shadow

[root@weijing ]# chattr -i /etc/passwd

[root@weijing ]# lsattr /etc/passwd

------------- /etc/passwd

[root@weijing ]# lsattr /etc/shadow

------------- /etc/shadow

2、系统磁盘或者inode 100%满了，导致修改用户报错，通过df -h及df -i查看

3、输入完passwd后立即报错

应该是/etc/pam.d/认证的地方出问题了

[root@weijing ~]# passwd weijing

Changing password for user weijing .

passwd: Authentication token manipulation error

You have new mail in /var/spool/mail/root

注释了password：

[root@weijing ~]# cat /etc/pam.d/passwd

#%PAM-1.0

auth required pam_stack.so service=system-auth

account required pam_stack.so service=system-auth

#password required pam_stack.so service=system-auth

解决方法：

[root@weijing ~]# cat /etc/pam.d/passwd

#%PAM-1.0

auth required pam_stack.so service=system-auth

account required pam_stack.so service=system-auth

password required pam_stack.so service=system-auth

3、/etc/pam.d/system-auth 文件内容被清空。

添加如下：

[root@weijing ~]# cat /etc/pam.d/system-auth

#%PAM-1.0

# This file is auto-generated.

# User changes will be destroyed the next time authconfig is run.

auth required /lib/security/$ISA/pam_env.so

auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok

auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so

account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet

account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3

password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow

password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so

session required /lib/security/$ISA/pam_unix.so