Symptoms ... When you run /bin/passwd as root you get an error: passwd.bin: unable to start pam: Critical error - immediate abort Failed to change user's password. ... Exiting. ... If you then run /bin/ausearch -m avc -ts recent, you see a lot of selinux denials for passwd.bin. ... Impact ... Root/admin user cannot change password using the standard /bin/passwd executable. ... Conditions ... The workaround would be to disable selinux, change the password and re-enable selinux: # setenforce Permissive # passwd # setenforce Enforcing Alternatively, you can use the tmsh commands to change the passwords: tmsh modify auth password root Lastly, if you want to modify the selinux policy, this is the standard way of doing it: # ausearch -c passwd.bin --raw | audit2allow -M mypasswd # semoduile -i mypasswd.pp ... Fix Information ... With fix, BIG-IP has no issues with /bin/passwd.bin being denied by selinux and /bin/passwd works as expected. ... Behavior Change