[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: authentication token manipulation error

From: "Mikkel L. Ellertson" <mikkel Infinity-ltd com>
To: <pam-list redhat com>
Subject: Re: authentication token manipulation error
Date: Thu, 3 May 2001 15:26:51 -0500 (CDT)

On Thu, 3 May 2001, Peter Brown wrote:

>
>  I'm in the process of migrating a system running HP-UX 10.10 to Red Hat 7.0
>  and when I moved the unshadowed HP-UX /etc/passwd file over, I found that
>  my users could then log into their new accounts, that the transferred
>  passwd file allows them access to the account on the new machine but
>  that they cannot change their passwords.  They get this message:
>
>      passwd:authentication token manipulation error
>
>  The PAM-Linux configuration is the Red Hat default (I certainly
>  haven't messed with it).  Here are the contents of /etc/pam.d/passwd:
>
>  #%PAM-1.0
>  auth       required	/lib/security/pam_stack.so debug service=system-auth
>  account    required	/lib/security/pam_stack.so debug service=system-auth
>  password   required	/lib/security/pam_stack.so debug service=system-auth
>
>  Here are the contents of /etc/pam.d/system-auth (with debug and audit
>  parameters newly introduded by me):
>
>  #%PAM-1.0
>  # This file is auto-generated.
>  # User changes will be destroyed the next time authconfig is run.
>  auth        sufficient    /lib/security/pam_unix.so debug audit likeauth nullok md5 shadow
>  auth        required      /lib/security/pam_deny.so
>  account     sufficient    /lib/security/pam_unix.so debug audit
>  account     required      /lib/security/pam_deny.so
>  password    required      /lib/security/pam_cracklib.so debug retry=3
>  password    sufficient    /lib/security/pam_unix.so debug audit nullok use_authtok md5 shadow
>  password    required      /lib/security/pam_deny.so
>  session     required      /lib/security/pam_limits.so
>  session     required      /lib/security/pam_unix.so debug audit
>
>  Appended are the relevent lines of /var/log/secure after the debug and
>  audit parameters were added.  Two attempts are logged.  The first by the
>  user (fjaumott) trying to change her own password, the second one by root
>  intending to change it for her.  If anyone could help me understand
>  what's going and make a recommendation, I'd be grateful.  I've been
>  reading the PAM documentation but I'm still clueless.
>
>  Thanks.
>
>  Peter Brown
>
>
Peter,
	Does the file /etc/shadow exhist?  The default install of Red
Hat uses shadow passwords, and I think what may be happening in that
qhen they try and change the password, there is no entry for the user in
/etc/shadow, so pam has problems.  Backup /etc/shadow, and /etc/passwd.
The delete /etc/shadow, and run pwconv to convert your password file to
shadow passwords.  If this fixes the problem, you will also want to run
grpconv.

Mikkel
-- 

    Do not meddle in the affairs of dragons,
 for you are crunchy and taste good with ketchup.

Follow-Ups:
- Re: authentication token manipulation error
  - From: Peter Brown <pedro@kuznets.fas.harvard.edu>

References:
- authentication token manipulation error
  - From: Peter Brown <pedro@kuznets.fas.harvard.edu>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] []