The Problem
A new user was created and assigned a password. She logged in and tried to change the password, but got the error mentioned above.
user1@XXXX:/home/user1: passwd Changing password for user user1. Changing password for user1 (current) UNIX password: You must wait longer to change your password Current Password: passwd: Authentication token manipulation error
The Solution
Password aging information for concerned user is as follows:
# chage -l user1
Last password change : Feb 07, 2017
Password expires : May 08, 2017
Password inactive : May 23, 2017
Account expires : never
Minimum number of days between password change : 30
Maximum number of days between password change : 90
Number of days of warning before password expires : 7
Password aging information shows that password was changed on Feb 07, 2017 and “Minimum number of days between password change” is 30 days. Next password change for this user can be done 30 days after Feb 07, 2017. In this case, user was trying to change the password again on Feb 07, 2017, which is not allowed.
The time limit between two successive password changes for a user is defined by “Minimum number of days between password change”. Either the user should wait for the minimum number days to change his/her password again or the setting of “Minimum number of days between password change” should be modified.
If you want to enable users to change their passwords anytime on their own, make the following changes:
1. For existing users,
# chage --mindays 0 username
2. To make it a default for all new users to be created, set PASS_MIN_DAYS in /etc/login.defs to zero.
# vi /etc/login.defs PASS_MIN_DAYS 0
If you want to set “Minimum number of days between password change” to any other value, replace zero with the desired value in the above commands.
Alternate way
You can also change the password aging information to linux defaults and try to change the password again. Changing 4th field to ‘0’ will change Minimum number of days between password change to ‘0’ so that user will be able to change its password without any restrictions.
Make following changes to “/etc/shadow” file as root user:
user:#4$jhagsjas$GJASJgjas/LNh8it5jT.N0:16345:0:99999:7:::
or you can also expire the user’s password using root account:
# chage -d 0 user1
If you veriyf the password information again for the user, you would find:
# chage -l user1
Last password change : Feb 07, 2017
Password expires : May 08, 2017
Password inactive : May 23, 2017
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 90
Number of days of warning before password expires : 7
Try to change the password and it should work now.