Need help?

Our experts have had an average response time of 11.7 minutes in August 2021 to fix urgent issues.

We will keep your servers stable, secure, and fast at all times for one fixed price.

passwd: authentication token manipulation error in Linux

by | May 25, 2021

We use the passwd command in Linux to set or change user account passwords, however, while using it, we may encounter the error: “passwd: Authentication token manipulation error”

As part of our Server Management Services, we assist our customers with several Linux queries.

Today, let us see how to fix this error.


passwd: authentication token manipulation error in Linux

Recently, we had a customer who tried to log in to his CentOS server with the username “bob“. He was trying to change the password using passwd utility. However, within seconds he receives the following error message:

# su - bob
$ passwd bob
Changing password for user bob
Changing password for bob

(current) UNIX password: 
passwd: Authentication token manipulation error


How to fix it?

Moving ahead, let us see the methods our Support Techs suggest in order to fix this.

1. Set Correct PAM Module Settings

A possible cause of the error can be the wrong PAM (Pluggable Authentication Module) settings. It can make the module unable to obtain the new authentication token entered.

We can find the various settings for PAM in /etc/pam.d/.

$ ls -l /etc/pam.d/

-rw-r--r-- 1 root root 142 Mar 23  2017 abrt-cli-root
-rw-r--r-- 1 root root 272 Mar 22  2017 atd
-rw-r--r-- 1 root root 192 Jan 26 07:41 chfn
-rw-r--r-- 1 root root 192 Jan 26 07:41 chsh
-rw-r--r-- 1 root root 232 Mar 22  2017 config-util
-rw-r--r-- 1 root root 293 Aug 23  2016 crond
-rw-r--r-- 1 root root 115 Nov 11  2010 eject
lrwxrwxrwx 1 root root  19 Apr 12  2012 fingerprint-auth -> fingerprint-auth-ac
-rw-r--r-- 1 root root 659 Apr 10  2012 fingerprint-auth-ac
-rw-r--r-- 1 root root 147 Oct  5  2009 halt
-rw-r--r-- 1 root root 728 Jan 26 07:41 login
-rw-r--r-- 1 root root 172 Nov 18  2016 newrole
-rw-r--r-- 1 root root 154 Mar 22  2017 other
-rw-r--r-- 1 root root 146 Nov 23  2015 passwd
lrwxrwxrwx 1 root root  16 Apr 12  2012 password-auth -> password-auth-ac
-rw-r--r-- 1 root root 896 Apr 10  2012 password-auth-ac

For instance, a misconfigured /etc/pam.d/common-password file can result in this error.

We can fix this issue by running the pam-auth-update command with root privileges:

$ sudo pam-auth-update

2. Set Correct Permissions on Shadow File

/etc/shadow file stores actual passwords for user accounts in an encrypted format. Wrong permission in this file can also cause the error.

To check the permissions on this file, we run:

$ ls -l  /etc/shadow

Then to set the correct permissions on it, we use the chmod command:

$ sudo chmod 0640 /etc/shadow

3. Remount Root Partition

We might also see this error if the / partition is mounted as read-only. This means no file can modify. Thus we cannot set or change a user’s password.

To fix this error, we need to mount the root partition as read/write:

$ sudo mount -o remount,rw /

4. Free Up Disk Space

Suppose, our disk is full. In such a case, we cannot modify any file on the disk especially when the file’s size is meant to increase. This may eventually cause the error.

Here, we can try to remove any unwanted files so that there is no issue of lack of space.

In order to make the space, it is easier if we use tools like FSlint or BleachBit. They can help us to identify unwanted files and clean up the disk thus providing more space.

4. Reboot System

Another possible method is to try and reboot the system. This may fix the issue in some cases.

We can do this using:

$ sudo reboot

5. Repair and Fix Filesystem Errors

If none of the above methods work, we can try this method.

Minor storage drive or filesystem errors can also cause the error in question. Linux disk scanning tools such as fsck can fix such errors.

However, our Support Techs recommend trying out fsck commands on test Linux servers with the help of system administrators or if we are pretty much experienced with fsck and it works.

We must always keep in mind to unmount a partition before we run fsck on it.

[Need help with the procedures? We can help you]



In short, passwd: authentication token manipulation error in Linux occurs when we try to change the password via the passwd command. Today, we saw how our Support Techs fix this error.


Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.


var google_conversion_label = "owonCMyG5nEQ0aD71QM";


Submit a Comment

Your email address will not be published. Required fields are marked *

Privacy Preference Center


Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]


Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid


Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie


These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.