10

I am in a bizarre situation, that I can't reset user's password on my machine (Ubuntu 16.04) using eighter sudo passwd username or passwd username from the root account.

root@adam-minipc:~ # passwd mikolaj
Current password: 
New password: 
New password (again): 
passwd: Authentication token manipulation error
passwd: password unchanged

In the /etc/shadow the relevant entry reads:

mikolaj:!:18063:0:99999:7:::

Why is that? What cause it and how to reset the password already? Have I been pwned?

Unlocking the account does not help either:

root@adam-minipc:~ # passwd -u mikolaj
passwd: unlocking the password would result in a passwordless account.
You should set a password with usermod -p to unlock the password of this account.

usermod -p <encrypted password> mikolaj requires encrypted password, and it simply pastes it to the /etc/shadow file. I don't know how to get the encrypted password, even if I knew, it must be a way to simply reset a password if you are root. It is the first time I see this behavior of passwd and frankly I am really at lost.

The question is different from Getting an "Authentication token manipulation" error when trying to change my user password, because it has nothing to do with the read-only file system, nor I complain about the error in the first place. I want to know, why sudo passwd <username> suddenly started asking for a current password. On all my other systems it doesn't.

Adam Ryczkowski
  • 4,403
  • 9
  • 40
  • 65
  • Have you tried setting a password with "-p" as the output suggests? – Yeti Jun 16 '19 at 13:00
  • @KetanPatel No, it is not. I've just found the solution and it is a completely different story. – Adam Ryczkowski Jun 16 '19 at 13:03
  • 2
    @AdamRyczkowski That covers multiple causes, though none mentions passwd asking root to give a current password. I think jouell's answer might've fixed this. I recommend you [edit] again to make immediately clear what you're currently asking for. (It still looks like you want to reset the password.) Does passwd mikolaj, as root, still ask for mikolaj's password? If not, it may be hard to find why it did. If so, does pam-auth-update fix it? If not, what's the output of ls -l /etc/{passwd,group} /etc/pam.d/*pass*? – Eliah Kagan Jun 16 '19 at 13:38
  • Have you tried sudo -u username passwd? – Martin Schröder Jun 16 '19 at 22:37

1 Answers1

6

I've finally found the solution, but it does not answer why sudo passwd <username> suddenly started asking for the current password, so I am not going to mark it as a solution.

To solve it run as root usermod -p "" mikolaj, and then change the password using passwd as always, and when it asks you for the current password, simply press enter without typing anything.

Adam Ryczkowski
  • 4,403
  • 9
  • 40
  • 65
  • 1
    Removing the exclamation mark from /etc/shadow would have been the same I guess. Nice solution. :-) – Yeti Jun 16 '19 at 13:08
  • 1
    Hmm... I'm skeptical that this really solved the underlying issue, since to actually set the password to the empty string you would need something like usermod -p "$(openssl passwd "")". Is passwd mikolaj as root behaving normally again now? – steeldriver Jun 16 '19 at 13:40
  • @steeldriver Yes, it does. All is fine now, except for my lack of understanding why passwd started to behave like this – Adam Ryczkowski Jun 17 '19 at 08:28