Just a simple problem, you are running a vServer and have multiple users and some of the users wants to change his password.
They type in the typical UNIX command passwd <your_passwd>
or you type in as root passwd <user_name>
and you get prompted for the password.
But although you got the proper permissions it just keeps saying:
passwd: Authentication information cannot be recovered
The german error for this is:
passwd: password unchanged
passwd: Authentifizierungsinformationen können nicht wiederhergestellt werden
Usually the problem is very easy, you just do not meet the password spcifications, but you get no detailed error on it. So just do
passwd: password unchangedcat /etc/pam.d/common-password
The Output should look something like this:
# # /etc/pam.d/common-password - password-related modules common to all services
# # This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords. The default is pam_unix.
# Explanation of pam_unix options:
# # The "nullok" option allows users to change an empty password, else
# empty passwords are treated as locked accounts.
# # The "md5" option enables MD5 passwords. Without this option, the
# default is Unix crypt.
# # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
# # You can also use the "min" option to enforce the length of the new
# password.
# # See the pam_unix manpage for other options. password required pam_unix.so nullok obscure md5
So you just have to fit you password to the current restrictions, in my case, the “obscure” directive caused trouble, because the password was not complicated enough. Just mix many numbers and lower/upper case letters with a minimum length in it.
“use_authtok” seems to be a troublemaker sometimes too.