# passwd: authentication token manipulation error (PAM)

## flox

I would be happy if someone could help me further with this one:

I have done useradd user and I can login correctly, but if I try to passwd as user I get the following error msg:

```

passwd: authentication token manipulation error

```

I guess this is a PAM problem, but I don't know what to do. I have already emerged pam again, but that didn't help as well.

My pam.d/passwd looks like that (gentoo installed it like that):

```

#%PAM-1.0

auth       required     /lib/security/pam_stack.so service=system-auth

account    required     /lib/security/pam_stack.so service=system-auth

password   required     /lib/security/pam_stack.so service=system-auth

```

I also thought, that it could be a problem of user rights. Since I can't execute a lot of commands like ping, passwd -l. 

What rights do I have to add to get something like superuser, and could that be part of the problem? (But isn't changing a password something every regular user should be able to?)

If there is any other information I can provide to narrow down the problem, please just let me know.

regards,

Flox

----------

## flox

I have a box, which hasn't the capability to boot from cdrom, that's why I use the approach described in an other post: With tomsrtbt and I followed the instructions in there. 

One instruction is: 

```

chown - R root.root /mnt/gentoo

```

which is fine if someone starts from stage1, but I assume if you start from stage3 you just take away all the right permission settings, which allow you to use commands like passwd, ping, etc. (my mistake)

I've redone everything from stage1 and it works fine.

regards,

Flox

----------

## ixion

I am having this same issue (token manipulation error), but really am not at any position to reinstall. This is my workstation at work which is going to be needed rigorlously in the next couple weeks.

Anyone have any insight on how to fix this without a format?

----------

## petkir

I think this is not a problem with the pam  authentication

try:

```
chmod +s /usr/bin/passwd
```

Read more: https://forums.gentoo.org/viewtopic.php?p=629146#629146

have a lot of fun

----------

## bsaunder

I've had the same problem.  I found that my /etc/password file and my /etc/shadow file were completely out of sync (there were about  22 accounts that were in the password file that were not in the shadow file.  I don't know when this problem started, but the user accounts that were out of sync were:

xfs

vpopmail

squid

smmsp

qmails

qmailr

qmailq

qmailp

qmaill

qmaild

postgres

postfix

portage

nut

named

mysql

gdm

cyrus

cron

at

apache

alias

My suspicion is that some of the gentoo packages mucked with the password file without updating the shadow file some how. 

I've fixed my problem by manually editing the shadow file and adding the missing entries.  This is a real pain in the butt problem.  It's the kind of thing that you don't expect to have a problem with and then it chews up some good time to fix it.  Good luck to anyone else with the same problem.

-Bruce

----------

## boroshan

mmm hmm... similar list

```
vpopmail

portage

postfix

gdm

apache

smmsp

postgres

qmailq

qmailr

xfs

alias

cyrus

uml

squid

named

at

qmails

qmailp

qmaild

cron

mysql

nut

qmaill

```

Intrestingly, user "uml" which I hand created is in the list but others that I created are not. This is possibly due to using newuser rather than useradd to create the user. I had to use newuser because useradd found a group called uml and decided I wanted to add root to the group... mutter mutter grumble grouse gripe

I wonder if it's worth submitting a bug?

----------

## airhead

I just discovered that I have the same problem. Does anyone know why this occurs?

Cheers

----------

## barrct

My postgres had the same problem...... Something to do with the installs from the ebuilds?

----------

## soulsolu

Regarding gentoo passwd: Authentication token manipulation error messages, I found the same problem while installation 2004.2 from a universal CD. I discovered that during gentoo 2004.2 installation, if you fill the active installation partition (i.e., 0% free if you run df .) then you receive this specific error when attempting to change the passwd for root or others as well.  I managed to perform this feat by extracting the stage3 file to the wrong location during installation  :Embarassed:    It took me a while to run into enough problems that I started digging into it, and that was when I realized that the passwd error was related to the filesystem issue.  After rebooting and booting off of the universal CD again, starting with a fresh / filesystem (ram disk???) I was able to proceed with changing the root passwd and the rest of the installation. 

So, for those recieving the error check free disk space:  

```
df .
```

----------

## bunder

I only had this problem when changing a user's name via editing /etc/passwd and forgetting to change /etc/shadow too.  Could there be a broken ebuild out there adding users by manually appending /etc/passwd?

--beugh

----------

## marcowave

same problem... but only with users..... with root it change the password...

noone has the solution yet?  :Sad: 

----------

## analogbytes

I am having the same problem but when I corrected by hand I can now change the password , but can not log in as that user.  Access denied.  I did not know what each field meant so I just followed the syntax of most of the others.

```
qmaild:*:9797:0:::::
```

Can anyone help?

Thanks

----------

## codadilupo

 *analogbytes wrote:*   

> I am having the same problem but when I corrected by hand I can now change the password , but can not log in as that user.  Access denied.  I did not know what each field meant so I just followed the syntax of most of the others.
> 
> ```
> qmaild:*:9797:0:::::
> ```
> ...

 

try this way (as I did with mysql user):

```
nano /etc/passwd
```

change the line

```
mysql:x:60:60:mysql:/var/lib/mysql:/bin/false
```

in 

```
mysql:x:60:60:mysql:/var/lib/mysql:/bin/bash
```

Hope this could help, with your own user  :Wink:  !!

Coda

----------

## Maedhros

This post may also be helpful: https://forums.gentoo.org/viewtopic-p-2130101.html#2130101

----------

