常见问题(1)问题:/etc/passwd, /etc/shadow文件被锁住,不允许修改。lsattr /etc/passwd----i-------- /etc/passwdlsattr /etc/shadow----i-------- /etc/shadow[root@shanxi Desktop]# passwd tomChanging password for user tom.New UNIX password:BAD PASSWORD: it is based on a dictionary wordRetype new UNIX password:passwd: Authentication token manipulation error解决方法:[root@shanxi Desktop]# chattr -i /etc/shadow[root@shanxi Desktop]# chattr -i /etc/passwd[root@shanxi Desktop]# lsattr /etc/passwd------------- /etc/passwd[root@shanxi Desktop]# lsattr /etc/shadow------------- /etc/shadow(2)/etc/pam.d/认证的地方出问题了[root@yitai02 ~]# passwd tomChanging password for user tom .passwd: Authentication token manipulation errorYou have new mail in /var/spool/mail/root看了一下是有一行被人注解掉了:[root@yitai02 ~]# cat /etc/pam.d/passwd#%PAM-1.0auth required pam_stack.so service=system-authaccount required pam_stack.so service=system-auth#password required pam_stack.so service=system-auth解决方法:反注解[root@yitai02 ~]# cat /etc/pam.d/passwd#%PAM-1.0auth required pam_stack.so service=system-authaccount required pam_stack.so service=system-authpassword required pam_stack.so service=system-auth另外也可以能是/etc/pam.d/system-auth 文件内容被人清空了。这种情况也不行。
可以都补上,如下:[root@yitai02 ~]# cat /etc/pam.d/system-auth#%PAM-1.0# This file is auto-generated.# User changes will be destroyed the next time authconfig is run.auth required /lib/security/$ISA/pam_env.soauth sufficient /lib/security/$ISA/pam_unix.so likeauth nullokauth required /lib/security/$ISA/pam_deny.soaccount required /lib/security/$ISA/pam_unix.soaccount sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quietaccount required /lib/security/$ISA/pam_permit.sopassword requisite /lib/security/$ISA/pam_cracklib.so retry=3password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadowpassword required /lib/security/$ISA/pam_deny.sosession required /lib/security/$ISA/pam_limits.sosession required /lib/security/$ISA/pam_unix.so