Bug 2099920

Summary: Not able to change user password, even root fails with token manipulation error
Product: Red Hat Enterprise Linux 7 Reporter: joel <jwooten>
Component: passwdAssignee: Jiri Kucera <jkucera>
Status: CLOSED WONTFIX QA Contact: CS System Management SST QE <rhel-cs-system-management-subsystem-qe>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 7.4CC: ipedrosa, ovasik
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-06-30 08:02:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description joel 2022-06-22 00:47:40 UTC 
Description of problem:
We are not able to reset the passwords after rebooting the server via azure console (reset password).
It got failed while we tried to update the password.
Also we tried to recover the root password via hard reset of VM but it is giving below error:
Authentication token manipulation error.

RHEL 7.4 
No users can change password even in rescue mode
Comment 3 joel 2022-06-23 17:11:47 UTC 
Hello,

cu would like this to be expedited since it is severely impacting production environment.

Thanks
Comment 4 Jiri Kucera 2022-06-29 09:41:41 UTC 
It looks like that the error message comes from PAM. Iker, can you please verify?
Comment 5 Iker Pedrosa 2022-06-29 11:03:17 UTC 
Yes, that error message comes from PAM but I don't think the root cause lies in that package. I've been reviewing the complete customer case and there seems to be a problem when dealing with the password file (/etc/shadow), which causes PAM to be unable to modify the file and also to move it. For more information please check: https://access.redhat.com/support/cases/#/case/03203399/discussion?commentId=a0a6R00000SiqloQAB