BugZero | VMware BugID 88226 - Unable to reset password for user, Error: Authenti...

VMware - Defect ID: 88226

Unable to reset password for user, Error: Authentication token manipulation error

VMware - Defect ID: 88226

Unable to reset password for user, Error: Authentication token manipulation error

Last updated on February 22nd, 2024

BugZero Risk Score
8.3 High

Overall: N/A

Severity: N/A

Community: N/A

Lifecycle: N/A

What is the BugZero Risk Score?

VMware Integration

Learn more about where this data comes from

VMware Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Views: 1

Description

Symptoms

We are unable to reset password for a user using the passwd command.Attempting to change the password with the command results in the following error: Password has already been used. Choose another.passwd: Authentication token manipulation errorpasswd: password unchanged

Purpose

Fix the /etc/pam.d/system-password file to be able to manage the passwords for the local accounts on the SDDC manager.

Cause

An existing issue in SDDC manager 4.2: One of the post update/install scripts was making updates/changes to the system-password file using an unrecommended method, which was changing the order of the sections, which is vital for this file.

Impact / Risks

Minimal: Make a copy of the /etc/pam.d/system-password file prior to making any changes to it.Since we are making changes to a system configuration file, a local copy of the file is advised.

Resolution

The underlying cause has been resolved in VCF 4.3 However, if the file sections were already in an incorrect order, the update would not resolve that -- that would still require manual intervention with the steps mentioned in the Workaround section.

Workaround

- SSH to the SDDC Manager- Make a copy of the system-password file: cp /etc/pam.d/system-password /home/vcf/system-password.copy - Edit the file /etc/pam.d/system-password.The file should look like this (including the actual order of the lines): # Begin /etc/pam.d/system-password # use sha512 hash for encryption, use shadow, and try to use any previously # defined authentication token (chosen password) set by any prior module password requisite pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=8 minclass=4 difok=4 retry=3 maxsequence=0 enforce_for_root password required pam_pwhistory.so enforce_for_root use_authtok remember=5 retry=3 password required pam_unix.so sha512 use_authtok shadow try_first_pass # End /etc/pam.d/system-password - Save the file - Attempt the password reset operation again

Related Information

The same steps are also applicable to other VMware appliances running photonOS (such as vCenter Server Appliance).

Change history

Top VMware Defects

No bugs this month

VMware Integration

Learn more about where this data comes from

VMware Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

VMware - Defect ID: 88226

Unable to reset password for user, Error: Authentication token manipulation error

VMware - Defect ID: 88226

Unable to reset password for user, Error: Authentication token manipulation error

Last updated on February 22nd, 2024

BugZero Risk Score8.3 High

Bug Details

Symptoms

Purpose

Cause

Impact / Risks

Resolution

Workaround

Related Information

Links

Top VMware Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
8.3 High