Bug 179653

Summary: Authentication token manipulation error
Product: Red Hat Enterprise Linux 4 Reporter: maurice dalton <maurice.dalton>
Component: passwdAssignee: Tomas Mraz <tmraz>
Status: CLOSED NOTABUG QA Contact: Mike McLean <mikem>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0CC: nalin
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-02 20:27:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
requested conf files none

Description maurice dalton 2006-02-01 21:22:08 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)

Description of problem:
Getting authencation error while trying to change password as general user.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.login
2.passwd
3.enter new passwd
  

Actual Results:  bash-3.00$ passwd
Changing password for user joeuser.
Changing password for joeuser
(current) UNIX password: 
passwd: Authentication token manipulation error

Expected Results:  successful password change

Additional info:

Versions of packages installed


2.6.9-11.ELsmp

pam-0.77-66.5
pam_passwdqc-0.7.5-2
pam_ccreds-1-3
pam-devel-0.77-66.5
pam_smb-1.1.7-5
pam_krb5-2.1.2-1
spamassassin-3.0.4-1.el4
Comment 1 Nalin Dahyabhai 2006-02-01 22:56:37 UTC 
Could you please attach the contents of your /etc/pam.d/system-auth file,
/etc/krb5.conf, and /etc/pam_smb.conf files?
Comment 2 maurice dalton 2006-02-02 12:20:58 UTC 
Created attachment 124044 [details]
requested conf files
Comment 3 Tomas Mraz 2006-02-02 18:37:47 UTC 
More questions - is SELinux enabled? Are there any related messages in
/var/log/messages, /var/log/secure, /var/log/audit.log?
Comment 4 maurice dalton 2006-02-02 18:48:06 UTC 
  This messages is from /var/log/messages

Feb  2 12:48:50 sysmgr02 passwd(pam_unix)[22743]: authentication failure; 
logname=root uid=1501 euid=0 tty= ruser= rhost=  user=joeuser

There are no other log messages



dmesg:SELinux:  Initializing.
dmesg:SELinux:  Starting in permissive mode
dmesg:selinux_register_security:  Registering secondary module capability
dmesg:SELinux:  Registering netfilter hooks
dmesg:SELinux:  Disabled at runtime.
Comment 5 Tomas Mraz 2006-02-02 20:27:50 UTC 
Well it just seems like wrong password has been entered.

If you're asking why the error message was "Authentication token manipulation
error." and not "Authentication error." it's because of limitations of the way
how the PAM modules are set up for password changing. The pam_unix module is
sufficient -> doesn't affect return value if it fails. The return value is
determined by pam_deny which always returns "Authentication token manipulation
error."