The “Authentication token manipulation” error is a common issue that Ubuntu Server users may encounter when trying to change their password. This error typically indicates that the system is unable to update your password. In this article, we’ll delve into various methods to resolve this issue.
Understanding the Error
The “Authentication token manipulation” error usually occurs when the system is unable to update the /etc/shadow file, which stores actual password in encrypted format for user’s account. This could be due to a variety of reasons, such as incorrect current password, full disk, incorrect permissions, or misconfigured files.
Possible Solutions
1. Verify Your Current Password
The first thing you should do is to ensure you’re entering your current password correctly. If you’re unsure, try logging out and logging back in with the current password to confirm.
2. Set a Password if You’re Using a Keypair
If you’re logging in with a keypair and don’t have a password set, try creating one. You can do this by running the command sudo passwd your_user. Here, sudo allows you to run commands with administrative privileges, while passwd is the command to change the password for a user (your_user).
3. Check Disk Space
A full disk can prevent the system from writing the new password to the /etc/shadow file. Use the command df -h to check your disk usage. The df command displays the amount of disk space used and available on Linux file systems. The -h option makes the output easier to understand by displaying the sizes in human-readable format (e.g., KB, MB, GB).
4. Remount the Root Partition
If you’re logged in remotely via SSH and encountering this error, the root partition may be mounted as read-only. To remount it as read/write, run mount -o remount,rw /. The mount command mounts file systems, -o specifies options, remount re-mounts an already-mounted system, rw sets read-write mode, and / specifies the root file system.
5. Check Permissions for /etc/shadow
The /etc/shadow file should have the correct permissions to allow the system to write to it. Run ls -l /etc/shadow to check the current permissions. If necessary, correct them by running sudo chmod 640 /etc/shadow. The chmod command changes the permissions of a file, and 640 sets the permissions so that the owner can read and write, the group can read, and others have no permissions.
6. Fix SELinux Permissions
If you’re using SELinux, incorrect permissions can cause this error. To fix, run sudo restorecon -v /etc/shadow. The restorecon command restores file(s) default SELinux security contexts.
7. Check /etc/pam.d/common-password
This file can be misconfigured, leading to the error. Open it with a text editor like nano (sudo nano /etc/pam.d/common-password) and ensure it’s correctly configured.
8. Verify /etc/passwd Entry
The /etc/passwd file contains user account information. Open it (sudo nano /etc/passwd) and ensure your user entry is correctly formatted.
9. Run pam-auth-update
If none of the above solutions work, try running sudo pam-auth-update. This command helps to manage the PAM configuration.
Conclusion
The “Authentication token manipulation” error can be frustrating, but it’s usually easy to fix. The solutions above should help you resolve the issue and successfully change your password in Ubuntu Server. Always remember to have a backup of critical files before making any changes to the system.
To check your current disk usage, you can use the df -h command. This will display the amount of disk space used and available on your Linux file systems in a human-readable format.
If you’re logged in remotely via SSH and need to remount the root partition as read/write, you can use the command mount -o remount,rw /. This will remount the root file system with read-write permissions.
The /etc/shadow file should have the permissions set to 640. This means that the owner can read and write, the group can read, and others have no permissions.
If you’re using SELinux and experiencing issues with permissions, you can fix them by running the command sudo restorecon -v /etc/shadow. This will restore the default SELinux security context for the /etc/shadow file.
To open and edit the /etc/pam.d/common-password file, you can use a text editor like nano by running the command sudo nano /etc/pam.d/common-password. Make sure to edit it carefully and ensure it is correctly configured.
You can verify your user entry in the /etc/passwd file by opening it with a text editor like nano using the command sudo nano /etc/passwd. Ensure that your user entry is correctly formatted.
The pam-auth-update command helps manage the Pluggable Authentication Modules (PAM) configuration. Running sudo pam-auth-update can be useful if other solutions haven’t resolved the "Authentication token manipulation" error.
