Authentication token manipulation error

I forgot my Ubuntu password so I booted into recovery and dropped into a root shell prompt and this is what happened:

root@username-PC:~# passwd username
Enter new UNIX password:
Retype new UNIX password:
passwd: Authentication token manipulation error
passwd: password unchanged

Solution 1:

Also make sure you are mounting the file system read/write.

After immediately selecting 'Drop into root shell prompt' I found the filesystem was mounted read only, which prevents resetting the password.

Choosing the option to remount / as read/write and going back into the root shell prompt enabled the password change.

The command to run prior to changing the password is: mount -rw -o remount /

Solution 2:

I'm not sure how it happened. A sudo user created my account then deleted it then created it again.

Here is what I found

mount -o remount,rw /
passwd
passwd: Authentication token manipulation error

No change.

sudo pwck

Showed no errors.

sudo grpck

Showed no errors.

ls -l /etc/passwd /etc/group /etc/shadow /etc/shadow-
-rw-r--r-- 1 root root    767 May  7 16:45 /etc/group
-rw-r--r-- 1 root root   1380 May  7 16:45 /etc/passwd
-rw-r----- 1 root shadow 1025 May  8 09:11 /etc/shadow
-rw------- 1 root root   1025 May  7 16:46 /etc/shadow-

Looks normal.

sudo cat /etc/shadow |grep oracle
oracle:$6$FsPqyplr$DrIvjFDSx0ipHmECMw1AU5hTrbNMnnkGRdFlaQcM.p3Rdu2OLjY20tzUTW61HlFH16cal56rKlLuW4j2mK9D.:15833:0:99999:7:::

Showed user and encrypted password.

sudo cat /etc/shadow- |grep oracle

Showed nothing. Not sure what that means but doesn't look right.

sudo passwd -d oracle
passwd

So the solution was to delete the password then reset new password.

Hope this helps.

I originally posted here Getting an "Authentication token manipulation" error when trying to change my user password but google shows this result first so, I re-posted.

Solution 3:

I got this error by changing password with device where date was not set. (ie. it was random after boot)

Basically what happened was that when I changed the password the illegal timestamp got updated to /etc/shadow. After that one could not use that account to login or change its password. Even with root account it was impossible to change that password again.

To fix the account I had to:

  1. Set the correct date
  2. Edit sane expiration/last password change dates to /etc/shadow file (I used last working shadow file)
  3. Change the password with root-rights to new one.