Bug 179653
Summary: | Authentication token manipulation error | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | maurice dalton <maurice.dalton> | ||||
Component: | passwd | Assignee: | Tomas Mraz <tmraz> | ||||
Status: | CLOSED NOTABUG | QA Contact: | Mike McLean <mikem> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 4.0 | CC: | nalin | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | i386 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2006-02-02 20:27:50 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
maurice dalton
2006-02-01 21:22:08 UTC
Could you please attach the contents of your /etc/pam.d/system-auth file, /etc/krb5.conf, and /etc/pam_smb.conf files? Created attachment 124044 [details]
requested conf files
More questions - is SELinux enabled? Are there any related messages in /var/log/messages, /var/log/secure, /var/log/audit.log? This messages is from /var/log/messages Feb 2 12:48:50 sysmgr02 passwd(pam_unix)[22743]: authentication failure; logname=root uid=1501 euid=0 tty= ruser= rhost= user=joeuser There are no other log messages dmesg:SELinux: Initializing. dmesg:SELinux: Starting in permissive mode dmesg:selinux_register_security: Registering secondary module capability dmesg:SELinux: Registering netfilter hooks dmesg:SELinux: Disabled at runtime. Well it just seems like wrong password has been entered. If you're asking why the error message was "Authentication token manipulation error." and not "Authentication error." it's because of limitations of the way how the PAM modules are set up for password changing. The pam_unix module is sufficient -> doesn't affect return value if it fails. The return value is determined by pam_deny which always returns "Authentication token manipulation error." |