修改密码报错:passwd: Authentication token manipulation error
修改用户密码时提示如下报错:
passwd: Authentication token manipulation error
解决办法
检查/etc/pam.d/passwd、/etc/pam.d/system-auth以下配置是否存在:
1、cat /etc/pam.d/passwd
#%PAM-1.0 auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth password required pam_cracklib.so dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 minlen=6 password required pam_unix.so use_authtok nullok md5 password required pam_unix.so remember=5 use_authtok 最后这三行有些老系统不支持,设置后也会导致上面的报错 |
2、cat /etc/pam.d/system-auth
#%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account required /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so |
3、也可以直接修改shadow文件密码串
方法一)
perl -e 'print crypt("password","\$1\$2BDxrkQc\$"),"\n"'
注:这里的2BDxrkQc,是shadow中salt($3)的内容,如果要随机生成salt,可使用方法二。
方法二)
echo "password" | openssl passwd -1 -salt $(< /dev/urandom tr -dc '[:alnum:]' | head -c 32) -stdin
