Linux changing password enter new UNIX password: passwd: authentication token manipulation error

How to Fix “passwd: Authentication token manipulation error” in Linux
by Aaron Kili | Published: July 19, 2018 | Last Updated: July 19, 2018


In Linux, the passwd command is used to set or change user account passwords. While using this command, users may sometimes encounter the error “passwd: Authentication token manipulation error”, as shown in the example below.
Recently I logged in to my CentOS server using my username “tecmint”. Once logged in, I tried to change my password using the passwd utility, but a second later I got the following error messages.

# su - tecmint
$ passwd tecmint
Changing password for user tecmint
Changing password for tecmint

(current) UNIX password: 
passwd: Authentication token manipulation error 

In this article, we will explain different ways of fixing “passwd: Authentication token manipulation error” in Linux systems.
1. Reboot System
The first basic solution is to reboot your system. I can’t really tell why this worked, but it did work for me on my CentOS 7.

$ sudo reboot 


If this fails, try out the next solutions.
2. Set Correct PAM Module Settings
Another possible cause of the “passwd: Authentication token manipulation error” is wrong PAM (Pluggable Authentication Module) settings. This makes the module unable to obtain the new authentication token entered.
The various settings for PAM are found in /etc/pam.d/.

$ ls -l /etc/pam.d/

-rw-r--r-- 1 root root 142 Mar 23  2017 abrt-cli-root
-rw-r--r-- 1 root root 272 Mar 22  2017 atd
-rw-r--r-- 1 root root 192 Jan 26 07:41 chfn
-rw-r--r-- 1 root root 192 Jan 26 07:41 chsh
-rw-r--r-- 1 root root 232 Mar 22  2017 config-util
-rw-r--r-- 1 root root 293 Aug 23  2016 crond
-rw-r--r-- 1 root root 115 Nov 11  2010 eject
lrwxrwxrwx 1 root root  19 Apr 12  2012 fingerprint-auth -> fingerprint-auth-ac
-rw-r--r-- 1 root root 659 Apr 10  2012 fingerprint-auth-ac
-rw-r--r-- 1 root root 147 Oct  5  2009 halt
-rw-r--r-- 1 root root 728 Jan 26 07:41 login
-rw-r--r-- 1 root root 172 Nov 18  2016 newrole
-rw-r--r-- 1 root root 154 Mar 22  2017 other
-rw-r--r-- 1 root root 146 Nov 23  2015 passwd
lrwxrwxrwx 1 root root  16 Apr 12  2012 password-auth -> password-auth-ac
-rw-r--r-- 1 root root 896 Apr 10  2012 password-auth-ac
....

For instance, a misconfigured /etc/pam.d/common-password file can result in this error. Running the pam-auth-update command with root privileges can fix the issue.

$ sudo pam-auth-update

3. Remount Root Partition
You might also see this error if the / partition is mounted read-only, which means no file can be modified, so a user’s password can’t be set or changed. To fix this error, you need to remount the root partition as read/write, as shown.

$ sudo mount -o remount,rw /

4. Set Correct Permissions on Shadow File
Wrong permissions on the /etc/shadow file, which stores the actual passwords for user accounts in encrypted format, can also cause this error. To check the permissions on this file, use the following command.

$ ls -l /etc/shadow

To set the correct permissions on it, use the chmod command as follows.

$ sudo chmod 0640 /etc/shadow
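
A read-only diagnostic for the causes in sections 3 and 4, added here as an example and not part of the original article: it reports whether / is mounted read-only and whether the shadow file's mode matches the 0640 the article sets, without changing anything. The function names and the `--live` switch are assumptions of this example, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: non-modifying checks for a read-only root and shadow file mode.
# Function names and the --live switch are assumptions, not from the article.

# Return 0 if "/" is mounted read-only according to a /proc/mounts-style file.
# $1: mounts file (default /proc/mounts). The last "/" entry wins because
# later mounts shadow earlier ones. Options are compared whole, so
# "errors=remount-ro" is not mistaken for "ro".
root_is_readonly() {
    awk '$2 == "/" { opts = $4 }
         END { n = split(opts, o, ",")
               for (i = 1; i <= n; i++) if (o[i] == "ro") exit 0
               exit 1 }' "${1:-/proc/mounts}"
}

# Print the octal permission bits of a file, e.g. 640 (GNU stat syntax).
file_mode() { stat -c '%a' "$1"; }

# Compare a shadow file's mode with the value the article sets.
# $1: file (default /etc/shadow), $2: expected mode (default 640).
# Prints one verdict line; returns 0 only on a match. Stricter modes
# (RHEL-family systems ship 0000) are reported as a mismatch, not as unsafe.
check_shadow_mode() {
    file=${1:-/etc/shadow}
    want=${2:-640}
    mode=$(file_mode "$file") || { echo "cannot stat $file"; return 2; }
    if [ "$mode" = "$want" ]; then
        echo "ok: $file is $mode"
        return 0
    fi
    # A non-zero last digit means every local user has some access.
    case $mode in
        *[1-7]) echo "unsafe: $file is $mode (accessible to all users)" ;;
        *)      echo "mismatch: $file is $mode, expected $want" ;;
    esac
    return 1
}

# Run both checks against the live system only when asked to.
if [ "${1:-}" = "--live" ]; then
    if root_is_readonly; then echo "/ is mounted read-only"
    else echo "/ is mounted read/write"; fi
    check_shadow_mode || true
fi
```

Running the checks first shows which fix applies before anything is remounted or chmod-ed. An "unsafe" verdict should be corrected even if passwd works.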

5. Repair and Fix Filesystem Errors
Minor storage drive or filesystem errors can also cause the error in question. You can use Linux disk scanning tools such as fsck to fix such errors.
