linux 无法改密码提示：passwd: Authentication token manipulation error

常见问题
（1）

问题：/etc/passwd, /etc/shadow文件被锁住，不允许修改。

   lsattr /etc/passwd 
----i-------- /etc/passwd
  lsattr /etc/shadow
----i-------- /etc/shadow

[root@shanxi Desktop]# passwd tom
Changing password for user tom.
New UNIX password: 
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password: 
passwd: Authentication token manipulation error

解决方法： 
[root@shanxi Desktop]# chattr -i /etc/shadow 
[root@shanxi Desktop]# chattr -i /etc/passwd
[root@shanxi Desktop]# lsattr /etc/passwd
------------- /etc/passwd
[root@shanxi Desktop]# lsattr /etc/shadow 
------------- /etc/shadow
  

（2）/etc/pam.d/认证的地方出问题了
[root@yitai02 ~]# passwd tom
Changing password for user tom .
passwd: Authentication token manipulation error
You have new mail in /var/spool/mail/root

看了一下是有一行被人注解掉了：
[root@yitai02 ~]# cat /etc/pam.d/passwd 
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
#password   required    pam_stack.so service=system-auth

解决方法：

反注解
[root@yitai02 ~]# cat /etc/pam.d/passwd 
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
password   required    pam_stack.so service=system-auth



另外也可以能是/etc/pam.d/system-auth 文件内容被人清空了。这种情况也不行。
可以都补上，如下：
[root@yitai02 ~]# cat /etc/pam.d/system-auth 
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so