(This might be a bug against PAM rather than the passwd program itself.) If you add a user by hand to the /etc/passwd and /etc/group files, for whatever reason, then you might expect 'passwd user' to set the password. However, it prompts for the password and then prints passwd: User not known to the underlying authentication module You can work around this by adding a dummy line to the shadow password file: # echo 'user:!!:14202:0:99999:7:::' >>/etc/shadow However, it would be better if the passwd program were more robust, and seeing that the user is not currently mentioned in /etc/shadow, would add the new line itself. To reproduce: manually add a user to /etc/passwd. Run 'passwd user'. Expected result: the usual password prompt then add an entry to /etc/shadow if missing, or update the existing entry in /etc/shadow if present. Actual result: prompts for password but then fails with 'User not known'.
What was the exact line you added to the /etc/passwd by hand?
pam_unix module does not support creating shadow entries from scratch. You should use the shadow-utils or utils from libuser to create user entries. Or if you need just to add a shadow entry for an user you should call pwconv.