Bug 179653 - Authentication token manipulation error
Authentication token manipulation error
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: passwd (Show other bugs)
4.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Mike McLean
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-02-01 16:22 EST by maurice dalton
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-02 15:27:50 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
requested conf files (10.00 KB, text/plain)
2006-02-02 07:20 EST, maurice dalton
no flags Details

  None (edit)
Description maurice dalton 2006-02-01 16:22:08 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)

Description of problem:
Getting authencation error while trying to change password as general user.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.login
2.passwd
3.enter new passwd
  

Actual Results:  bash-3.00$ passwd
Changing password for user joeuser.
Changing password for joeuser
(current) UNIX password: 
passwd: Authentication token manipulation error

Expected Results:  successful password change

Additional info:

Versions of packages installed


2.6.9-11.ELsmp

pam-0.77-66.5
pam_passwdqc-0.7.5-2
pam_ccreds-1-3
pam-devel-0.77-66.5
pam_smb-1.1.7-5
pam_krb5-2.1.2-1
spamassassin-3.0.4-1.el4
Comment 1 Nalin Dahyabhai 2006-02-01 17:56:37 EST
Could you please attach the contents of your /etc/pam.d/system-auth file,
/etc/krb5.conf, and /etc/pam_smb.conf files?
Comment 2 maurice dalton 2006-02-02 07:20:58 EST
Created attachment 124044 [details]
requested conf files
Comment 3 Tomas Mraz 2006-02-02 13:37:47 EST
More questions - is SELinux enabled? Are there any related messages in
/var/log/messages, /var/log/secure, /var/log/audit.log?
Comment 4 maurice dalton 2006-02-02 13:48:06 EST
  This messages is from /var/log/messages

Feb  2 12:48:50 sysmgr02 passwd(pam_unix)[22743]: authentication failure; 
logname=root uid=1501 euid=0 tty= ruser= rhost=  user=joeuser

There are no other log messages



dmesg:SELinux:  Initializing.
dmesg:SELinux:  Starting in permissive mode
dmesg:selinux_register_security:  Registering secondary module capability
dmesg:SELinux:  Registering netfilter hooks
dmesg:SELinux:  Disabled at runtime.



    
Comment 5 Tomas Mraz 2006-02-02 15:27:50 EST
Well it just seems like wrong password has been entered.

If you're asking why the error message was "Authentication token manipulation
error." and not "Authentication error." it's because of limitations of the way
how the PAM modules are set up for password changing. The pam_unix module is
sufficient -> doesn't affect return value if it fails. The return value is
determined by pam_deny which always returns "Authentication token manipulation
error."

Note You need to log in before you can comment on or make changes to this bug.