出现这种问题需要考虑两种情况:
1、错误出现在输入完新密码后
网上的解决方法很多,大概如下:
问题:/etc/passwd, /etc/shadow文件被锁住,不允许修改。
[root@shanxi Desktop]# lsattr /etc/passwd
----i-------- /etc/passwd
[root@shanxi Desktop]# lsattr /etc/shadow
----i-------- /etc/shadow
[root@shanxi Desktop]# passwd tom
Changing password for user tom.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: Authentication token manipulation error
解决方法:
[root@shanxi Desktop]# chattr -i /etc/shadow
[root@shanxi Desktop]# chattr -i /etc/passwd
[root@shanxi Desktop]# lsattr /etc/passwd
------------- /etc/passwd
[root@shanxi Desktop]# lsattr /etc/shadow
------------- /etc/shadow
另外也有可能是磁盘满了,或者inode满了,通过df -h及df -i查看,当然我碰到的不是这种情况
2、输入完passwd后立即报错
应该是/etc/pam.d/认证的地方出问题了
[root@yitai02 ~]# passwd tom
Changing password for user tom .
passwd: Authentication token manipulation error
You have new mail in /var/spool/mail/root
看了一下是有一行被人注解掉了:
[root@yitai02 ~]# cat /etc/pam.d/passwd
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
#password required pam_stack.so service=system-auth
解决方法:
反注解
[root@yitai02 ~]# cat /etc/pam.d/passwd
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
另外也可以能是/etc/pam.d/system-auth 文件内容被人清空了。这种情况也不行。
可以都补上,如下:
[root@yitai02 ~]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow ##我出现的问题是这一行被注释了,取消注释即可
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so