FS#63262 - [util-linux] login default pam configuration does not allow password update on the TTY

Attached to Project: Arch Linux
Opened by Riri (chicha) - Tuesday, 23 July 2019, 17:01 GMT
Last edited by freswa (frederik) - Thursday, 10 September 2020, 12:59 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Dave Reisner (falconindy)
Christian Hesse (eworm)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No



The login utility from util-linux does not allow users to modify their password when it is set as expired.
Users are getting the error : "Authentication token manipulation error."

The issue comes with /usr/bin/login's default pam configuration (provided by arch's util-linux package maintainers).
Adding the line :

password include system-local-login

to the file "/etc/pam.d/login" solves the issue.
I do not know what justifies this situation, for instance the sshd pam configuration has a line "password include system-remote-login"

Additional info:
* Package util-linux 2.34-3

Steps to reproduce:

I setup some user accounts on my server. I want them to setup their own password at their first login.
I delete and set their password for expiration using "passwd -d -e user_login".
At first login the user cannot set its password getting an error : "Authentication token manipulation error."

Note: this can also be reproduced with a existing user account who already logged, in such case just set the password for expiration: "passwd -e user_login".
This task depends upon

Closed by  freswa (frederik)
Thursday, 10 September 2020, 12:59 GMT
Reason for closing:  Duplicate
Additional comments about closing:   FS#61843 
Comment by lukpod (lukpod) - Tuesday, 28 July 2020, 17:57 GMT
Duplicate of  FS#61843 .