From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727) Description of problem: Getting authencation error while trying to change password as general user. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1.login 2.passwd 3.enter new passwd Actual Results: bash-3.00$ passwd Changing password for user joeuser. Changing password for joeuser (current) UNIX password: passwd: Authentication token manipulation error Expected Results: successful password change Additional info: Versions of packages installed 2.6.9-11.ELsmp pam-0.77-66.5 pam_passwdqc-0.7.5-2 pam_ccreds-1-3 pam-devel-0.77-66.5 pam_smb-1.1.7-5 pam_krb5-2.1.2-1 spamassassin-3.0.4-1.el4
Could you please attach the contents of your /etc/pam.d/system-auth file, /etc/krb5.conf, and /etc/pam_smb.conf files?
Created attachment 124044 [details] requested conf files
More questions - is SELinux enabled? Are there any related messages in /var/log/messages, /var/log/secure, /var/log/audit.log?
This messages is from /var/log/messages Feb 2 12:48:50 sysmgr02 passwd(pam_unix)[22743]: authentication failure; logname=root uid=1501 euid=0 tty= ruser= rhost= user=joeuser There are no other log messages dmesg:SELinux: Initializing. dmesg:SELinux: Starting in permissive mode dmesg:selinux_register_security: Registering secondary module capability dmesg:SELinux: Registering netfilter hooks dmesg:SELinux: Disabled at runtime.
Well it just seems like wrong password has been entered. If you're asking why the error message was "Authentication token manipulation error." and not "Authentication error." it's because of limitations of the way how the PAM modules are set up for password changing. The pam_unix module is sufficient -> doesn't affect return value if it fails. The return value is determined by pam_deny which always returns "Authentication token manipulation error."