passwd: pam_chauthtok(): conversation failure Error and Solutions

I am trying to change my Unix / Linux user account password using the passwd command. But, I am getting the following error:

passwd: pam_chauthtok(): conversation failure

OR

passwd: pam_chauthtok(): error in service module

How do I fix this problem on Unix like operating systems?

Tutorial details
Difficulty level Intermediate
Root privileges Yes
Requirements None
Est. reading time 10m
To fix this problem try any one of the following solutions:

#1: Make sure file system is mounted in read & write mode

Make sure your file system (/ file system) is mounted in read and write mode. Type the mount command to see the current file system status. If file system is mounted on read-only system, try to remount file in read and write mode on Linux operating system and FreeBSD operating system for more information.

#2: Pass the -t option if you are changing password using ssh

If you are using ssh as follows:
ssh user@server-name-here passwd
Try passing the -t option:
ssh -t user@server-name-here passwd

#3: Check SSD or hard disk drive for error

Run fsck on your hard disk. See fsck command tutorials for more info:

  1. Repairing Linux ext2 or ext3 or ext4 File System [ fsck ]
  2. What command do you run to check file system consistency under UNIX or Linux?

#4: Make sure you do not have multiple entries in shardow/passwd/master.passwd file

Check your Linux/Unix encrypted password file and make sure you do not have multiple entries for the same user in /etc/shadow (Linux), /etc/master.passwd (FreeBSD), /etc/passwd (Older version of Linux/Unix).

#5: Check encrypted password file permissions

Make sure permission for the following files are correct using the ls -l command:

  1. /etc/passwd
  2. /etc/shadow
  3. /etc/group
  4. /etc/master.passwd (FreeBSD)

A typical file permission on Linux looks as follows:

ls -l /etc/{passwd,shadow,group}

Sample outputs:

-rw-r--r-- 1 root root    618 Aug 26 21:17 /etc/group
-rw-r--r-- 1 root root   1049 Aug 26 21:17 /etc/passwd
-rw-r----- 1 root shadow  869 Oct  1 15:25 /etc/shadow

Use the chmod and chown command to set correct file permissions.

#6: Make sure encrypted password file not protected by extended file system permissions

Linux and Unix like systems offers file write protection feature. A root user will set special bit call immutable on /etc/shadow or /etc/master.passwd file. Once this bit is setup no one can delete or modify file including root. And only root can clear the File immutable bit. To list file attributes on a Linux type:

lsattr /etc/{passwd,shadow,group}

Sample outputs:

-------------e-- /etc/passwd
-------------e-- /etc/shadow
-------------e-- /etc/group

See how to set/clear/remove immutable bit on a Linux based system and FreeBSD based systems for more information.

#7: Make sure there are no other authorization errors in log file

Check your system log files for any other errors.

#8: Check the contents of /etc/pam.d/

Check the contents of /etc/pam.d/ directory and make sure they are unchanged. You can compare the contents of /etc/pam.d/ directory to another systems /etc/pam.d/ directory.

#9: Make sure encrypted password file is not corrupted

Make sure /etc/shadow (Linux) or /etc/master.passwd (FreeBSD) file is not corrupted. Use the pwck command on Linux to check file integrity. Use pwd_mkdb command on FreeBSD to rebuild /etc/master.passwd file.

See also

See the following man pages for more information:

  • Linux man pages: pwunconv(8)
  • FreeBSD man pages: pwd_mkdb(8)

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 0 comments... add one


CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
0 comments… add one

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum