I have RHEL machine in which I am able to login as root but when I tried changing password as :
Why its reacting So??

Is it possible that the second entry did not match the first?
Did you try it again?
Did you try a different password?

Check the ownership and permissions for /etc/passwd. The file should be:-
(ignoring the date and size of course)

Pixellany,

I am entering the right password as confirmation.

But I am amazed.
When I ran:
[root@pe ~]# passwd root
Changing password for user root.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@pe ~]#

All I am entering password right way and it is accepting it too.But when I am trying to login in new window it is not taking the new password but accepting the last password.

Horrible????
Blacky..

The output is :
[root@pe ~]# ls -la /etc/passwd
-rw-r--r-- 1 root root 2956 Feb 11 11:05 /etc/passwd
[root@pe ~]#

Any idea?

Check the permissions and ownership of /etc/shadow as well.

Did you try a different password?

Can you assign that same password to another user?

i assume that you are using shadowed password files. this error occures when the user of which you are trying to change the password is existing /etc/passwd but not in /etc/shadow.

you have to add the user manually to /etc/shadow or update the shadow file with "pwconv"

also make sure you typed your current password correctly (if your passwd is too short you will see an entry in /etc/shadow but without any password).

vadkutya

Blacky,

My /etc/shadow file says:

# ls -la /etc/shadow
-rw------- 1 root root 1694 Feb 11 11:03 /etc/shadow
[root@pe ~]#

Vadkutya,

The root entry is there in /etc/shadow file.

Lemme inform you this is Xen Server ....Any hint from this?

Run "lsattr /etc/shadow /etc/passwd". Results should be:-If you don't get this, use "chattr -<letter> filename" where you replace <letter> with the attribute(s) that are turned on.

Did you try pwconv?

EDIT - Just noticed a glaring error. /etc/shadow should not be writable - permissions should be as follows:-

Its the same:

[root@pe ~]# lsattr /etc/passwd /etc/shadow
------------- /etc/passwd
------------- /etc/shadow
[root@pe ~]# ls -la /etc/shadow
-rw-r--r-- 1 root root 1694 Feb 11 11:03 /etc/shadow
[root@pe ~]# chmod 600 /etc/shadow
[root@pe ~]# ls -la /etc/shadow
-rw------- 1 root root 1694 Feb 11 11:03 /etc/shadow
[root@pe ~]#


I only tried to change the /etc/shadow earlier? Now changed back it to original state.

Any idea what gonna we do next for the issue??

Still In doubt??

Not quite what I meant. Try "chmod 400 /etc/shadow" and see how you get on. Permissions for /etc/shadow should be read only, not read write.

hey ajeetraina,

maybe this could be helpful http://jmatrix.net/dao/case/case.jsp...016D6F8AAA-17C

in short: "The key here is that older versions of passwd did not ask for confirmation of the current password. If they did, and the user entered an incorrect password, passwd told you as much. With pam - rather than telling you your current password is incorrect, it errors saying "Authentication token manipulation error"."

similar: http://forums12.itrc.hp.com/service/...readId=1014718 (scroll down )

if this does not help. backup /etc/shadow and /etc/group and rebuild them with pwconv and grpconv. if there's no problem with either "typing" or "/etc/shadow, /etc/passwd" then see the logs after you just tried to change the password. also, give an output of /etc/pam.d/system-auth

vadkutya