
I am in a bizarre situation: I can't reset a user's password on my machine (Ubuntu 16.04) using either `sudo passwd username` or `passwd username` from the root account.

```
root@adam-minipc:~ # passwd mikolaj
Current password: 
New password: 
New password (again): 
passwd: Authentication token manipulation error
passwd: password unchanged
```

In `/etc/shadow` the relevant entry reads:

```
mikolaj:!:18063:0:99999:7:::
```

Why is that? What causes it, and how do I reset the password already? Have I been pwned?


Unlocking the account does not help either:

```
root@adam-minipc:~ # passwd -u mikolaj
passwd: unlocking the password would result in a passwordless account.
You should set a password with usermod -p to unlock the password of this account.
```

`usermod -p <encrypted password> mikolaj` requires an encrypted password, and it simply pastes it into the `/etc/shadow` file. I don't know how to get the encrypted password; even if I knew, there must be a way to simply reset a password if you are root. It is the first time I have seen this behavior of `passwd`, and frankly I am really at a loss.


The question is different from "Getting an "Authentication token manipulation" error when trying to change my user password", because it has nothing to do with a read-only file system, nor am I complaining about the error in the first place. I want to know why `sudo passwd <username>` suddenly started asking for a current password. On all my other systems it doesn't.

Adam Ryczkowski
  • Have you tried setting a password with "-p" as the output suggests? – Yeti Jun 16 '19 at 13:00
  • @KetanPatel No, it is not. I've just found the solution and it is a completely different story. – Adam Ryczkowski Jun 16 '19 at 13:03
  • @AdamRyczkowski [That](https://askubuntu.com/q/57620) covers multiple causes, though none mentions `passwd` asking root to give a current password. I think [jouell's answer](https://askubuntu.com/a/632673) *might've* fixed this. I recommend you [edit] again to make immediately clear what you're *currently* asking for. (It still *looks* like you want to reset the password.) Does `passwd mikolaj`, as root, still ask for `mikolaj`'s password? If not, it may be hard to find why it did. If so, does `pam-auth-update` fix it? If not, what's the output of `ls -l /etc/{passwd,group} /etc/pam.d/*pass*`? – Eliah Kagan Jun 16 '19 at 13:38
  • Have you tried `sudo -u username passwd`? – Martin Schröder Jun 16 '19 at 22:37

1 Answer

I've finally found the solution, but it does not answer why `sudo passwd <username>` suddenly started asking for the current password, so I am not going to mark it as a solution.

To solve it, run `usermod -p "" mikolaj` as root, then change the password using `passwd` as always; when it asks you for the current password, simply press Enter without typing anything.

Adam Ryczkowski
  • Removing the exclamation mark from /etc/shadow would have been the same I guess. Nice solution. :-) – Yeti Jun 16 '19 at 13:08
  • Hmm... I'm skeptical that this really solved the underlying issue, since to *actually* set the password to the empty string you would need something like `usermod -p "$(openssl passwd "")"`. Is `passwd mikolaj` as root behaving normally again now? – steeldriver Jun 16 '19 at 13:40
  • @steeldriver Yes, it does. All is fine now, except for my lack of understanding why `passwd` started to behave like this – Adam Ryczkowski Jun 17 '19 at 08:28
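
The password-field states discussed in this thread, as an added example (not code from the question, the answer or the commenters): a POSIX shell script that classifies the second field of an `/etc/shadow` line per shadow(5) and shows what stripping the `!` lock marker would leave behind, which is the condition `passwd -u` reported on the bare `!` entry. The function names are hypothetical, and every sample line except the `mikolaj:!` entry is constructed.

```shell
#!/bin/sh
# Added example: classify the password field of /etc/shadow lines.
# Function names are hypothetical; states follow shadow(5) and passwd(1).

# Print the second colon-separated field (the password field).
pw_field() {
    printf '%s\n' "$1" | cut -d: -f2
}

shadow_state() {
    case "$(pw_field "$1")" in
        '')    echo "empty" ;;          # no password required (what usermod -p "" writes)
        '!')   echo "locked-nohash" ;;  # locked, nothing behind the marker
        '*')   echo "disabled" ;;       # no usable password (typical for system accounts)
        '!'*)  echo "locked-hash" ;;    # locked, old hash preserved after '!'
        '$'*)  echo "hash" ;;           # ordinary crypt(3) hash
        *)     echo "other" ;;
    esac
}

# What removing the leading '!' (the passwd -u operation) would leave.
after_unlock() {
    field=$(pw_field "$1")
    printf '%s\n' "${field#\!}"
}

# Read shadow-format lines on stdin, print "user<TAB>state" for each.
audit_shadow() {
    while IFS= read -r line; do
        printf '%s\t%s\n' "${line%%:*}" "$(shadow_state "$line")"
    done
}

# First line is the entry from the question; the rest are constructed samples.
audit_shadow <<'EOF'
mikolaj:!:18063:0:99999:7:::
mikolaj-after-fix::18063:0:99999:7:::
carol:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18063:0:99999:7:::
dave:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18063:0:99999:7:::
daemon:*:18063:0:99999:7:::
EOF
```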