passwd: pam_chauthtok(): conversation failure
OR
passwd: pam_chauthtok(): error in service module
How do I fix this problem on Unix like operating systems?
| Tutorial details | |
|---|---|
| Difficulty | Intermediate (rss) |
| Root privileges | Yes |
| Requirements | None |
| Time | 10m |
#1: Make sure file system is mounted in read & write mode
Make sure your file system (/ file system) is mounted in read and write mode. Type the mount command to see the current file system status. If file system is mounted on read-only system, try to remount file in read and write mode on Linux operating system and FreeBSD operating system for more information.
#2: Pass the -t option if you are changing password using ssh
If you are using ssh as follows:
ssh user@server-name-here passwd
Try passing the -t option:
ssh -t user@server-name-here passwd
#3: Check SSD or hard disk drive for error
Run fsck on your hard disk. See fsck command tutorials for more info:
- Repairing Linux ext2 or ext3 or ext4 File System [ fsck ]
- What command do you run to check file system consistency under UNIX or Linux?
#4: Make sure you do not have multiple entries in shardow/passwd/master.passwd file
Check your Linux/Unix encrypted password file and make sure you do not have multiple entries for the same user in /etc/shadow (Linux), /etc/master.passwd (FreeBSD), /etc/passwd (Older version of Linux/Unix).
#5: Check encrypted password file permissions
Make sure permission for the following files are correct using the ls -l command:
- /etc/passwd
- /etc/shadow
- /etc/group
- /etc/master.passwd (FreeBSD)
A typical file permission on Linux looks as follows:
ls -l /etc/{passwd,shadow,group}
Sample outputs:
-rw-r--r-- 1 root root 618 Aug 26 21:17 /etc/group -rw-r--r-- 1 root root 1049 Aug 26 21:17 /etc/passwd -rw-r----- 1 root shadow 869 Oct 1 15:25 /etc/shadow
Use the chmod and chown command to set correct file permissions.
#6: Make sure encrypted password file not protected by extended file system permissions
Linux and Unix like systems offers file write protection feature. A root user will set special bit call immutable on /etc/shadow or /etc/master.passwd file. Once this bit is setup no one can delete or modify file including root. And only root can clear the File immutable bit. To list file attributes on a Linux type:
lsattr /etc/{passwd,shadow,group}
Sample outputs:
-------------e-- /etc/passwd -------------e-- /etc/shadow -------------e-- /etc/group
See how to set/clear/remove immutable bit on a Linux based system and FreeBSD based systems for more information.
#7: Make sure there are no other authorization errors in log file
Check your system log files for any other errors.
#8: Check the contents of /etc/pam.d/
Check the contents of /etc/pam.d/ directory and make sure they are unchanged. You can compare the contents of /etc/pam.d/ directory to another systems /etc/pam.d/ directory.
#9: Make sure encrypted password file is not corrupted
Make sure /etc/shadow (Linux) or /etc/master.passwd (FreeBSD) file is not corrupted. Use the pwck command on Linux to check file integrity. Use pwd_mkdb command on FreeBSD to rebuild /etc/master.passwd file.
See also
See the following man pages for more information:
- Linux man pages: pwunconv(8)
- FreeBSD man pages: pwd_mkdb(8)
🐧 0 comments... add one ↓
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
