Changing user password with passwd not possible. Error "passwd: sorry"

Christopher Perrin asked:

I have a FreeBSD server and a strange problem. Every time someone tries to change a password, he gets this:

~$ passwd
Changing local password for <USER>
Old Password:
passwd: sorry

The root account is unaffected.

I can’t find any clues in the logs. I don’t use LDAP for authentication and the server is running in a jail.

My answer:

The source code was so short and simple that it only took a moment to find the only place within FreeBSD’s passwd utility where that particular message is printed.

Specifically, it occurs when PAM has failed to authenticate the user. In other words, one of these things:

  1. You mistyped the old password.
  2. passwd doesn’t have the proper permissions; it must be setuid root.
  3. Your local PAM setup is horribly broken; if this were the case, nobody would be able to log in.

My bets are on 2.
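
A way to check cause 2 from the shell, as an added example that is not part of the original answer: it verifies that a helper such as /usr/bin/passwd is owned by root and carries the setuid bit. It goes one step beyond the answer by also checking whether the filesystem is mounted nosuid, in which case the bit is present but ignored. The function names (check_setuid, mounted_nosuid, diagnose) are hypothetical.

```shell
#!/bin/sh
# Added example: diagnose why a setuid helper such as passwd cannot act as root.
# Usage: sh thisfile /usr/bin/passwd

# check_setuid FILE [EXPECTED_UID]   (EXPECTED_UID defaults to 0, i.e. root)
# Prints one verdict word; returns 0 only when owner and setuid bit are right.
check_setuid() {
    file=$1
    want_uid=${2:-0}
    if [ ! -f "$file" ]; then
        echo "missing"; return 1
    fi
    # ls -ln prints the numeric owner uid in field 3 on FreeBSD and Linux.
    owner=$(ls -lnL "$file" | awk '{ print $3; exit }')
    if [ "$owner" != "$want_uid" ]; then
        echo "wrong-owner"; return 1
    fi
    if [ ! -u "$file" ]; then
        echo "no-setuid"; return 1
    fi
    echo "ok"
}

# Reads `mount` output on stdin; succeeds if MOUNTPOINT is mounted nosuid.
mounted_nosuid() {
    awk -v mp="$1" '$2 == "on" && $3 == mp && /[(, ]nosuid[,) ]/ { found = 1 }
                    END { exit found ? 0 : 1 }'
}

# Mode and owner first, then the mount options of the containing filesystem.
diagnose() {
    verdict=$(check_setuid "$1" "${2:-0}") || { echo "$verdict"; return 1; }
    mp=$(df -P "$1" | awk 'NR == 2 { print $6 }')
    if mount | mounted_nosuid "$mp"; then
        echo "nosuid-mount"; return 1
    fi
    echo "ok"
}

if [ $# -gt 0 ]; then
    diagnose "$@"
fi
```

A verdict of no-setuid or wrong-owner points at the file's mode or ownership; nosuid-mount points at the mount options of the filesystem the binary lives on.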

