From Bugzilla Helper: User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.3-12smp i686) Description of problem: Senario: Root created new user "chiptest" via useradd. Root created this user's passwd. Root used chage to cause it to expire. Allow user to login with given pw and system forces change password. No matter what new pw user chooses, login/pam fails to allow change. Note: I used mkpasswd to generate a random pw in below examples. Root re-enables chage to not cause user's pw to be expired. User logins in ok. User runs passwd to change pw successfully. Problem seems repeatable. -- The problem: showme<ccapelik>64$ telnet localhost Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Red Hat Linux release 7.1 (Seawolf) Kernel 2.4.3-12smp on an i686 login: chiptest Password: You are required to change your password immediately (password aged) Changing password for chiptest (current) UNIX password: New UNIX password: BAD PASSWORD: is too simple New UNIX password: BAD PASSWORD: is too simple New UNIX password: BAD PASSWORD: is too simple Authentication token manipulation error Connection closed by foreign host. -- Although this work for same user: [chiptest@showme chiptest]$ passwd Changing password for chiptest (current) UNIX password: New UNIX password: BAD PASSWORD: it is based on your username New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully [chiptest@showme chiptest]$ passwd Changing password for chiptest (current) UNIX password: New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully [chiptest@showme chiptest]$ -- Some messages: + egrep -i auth /var/log/messages Jul 30 08:47:27 showme login(pam_unix)[31437]: authentication failure; logname= uid=0 euid=0 tty=pts/14 ruser= rhost=localhost user=chiptest Jul 30 08:47:29 showme login[31437]: Authentication token manipulation error Jul 30 08:47:33 showme login(pam_unix)[31440]: authentication failure; logname= uid=0 euid=0 tty=pts/14 ruser= rhost=localhost Jul 30 08:47:35 showme login[31440]: FAILED LOGIN 1 FROM localhost FOR chip, Authentication failure Jul 30 08:47:38 showme login(pam_unix)[31440]: authentication failure; logname= uid=0 euid=0 tty=pts/14 ruser= rhost=localhost Jul 30 08:47:40 showme login[31440]: FAILED LOGIN 2 FROM localhost FOR est, Authentication failure Jul 30 08:48:05 showme login[31440]: Authentication token manipulation error Jul 30 08:48:45 showme login[31443]: Authentication token manipulation error Jul 30 08:49:30 showme login[31446]: Authentication token manipulation error Jul 30 08:51:19 showme login(pam_unix)[31467]: authentication failure; logname= uid=0 euid=0 tty=pts/14 ruser= rhost=localhost user=chiptest Jul 30 08:51:21 showme login[31467]: FAILED LOGIN 1 FROM localhost FOR chiptest, Authentication failure Jul 30 08:51:53 showme login[31467]: Authentication token manipulation error Jul 30 08:52:40 showme login[31479]: Authentication token manipulation error Jul 30 08:57:57 showme login[32650]: Authentication token manipulation error Jul 30 09:00:29 showme login[32665]: Authentication token manipulation error How reproducible: Always Steps to Reproduce: Senario: Root created new user "chiptest" via useradd. Root created this user's passwd. Root used chage to cause it to expire. Allow user to login with given pw and system forces change password. No matter what new pw user chooses, login/pam fails to allow change. Note: I used mkpasswd to generate a random pw in below examples. Root re-enables chage to not cause user's pw to be expired. User logins in ok. User runs passwd to change pw successfully. Actual Results: User cannot change an expired password during login whereas user can successfully issue the passwd to do so. Expected Results: User should be able to change expired pw during login. Additional info:
This looks like a duplicate of #49613. *** This bug has been marked as a duplicate of 49613 ***