Fedora 38: impossible to change user password

I had a problem with user password after installing Fedora 38.
Each time I tried to change the user password I’ve got a “password doesn’t match”, problem while updating token".
So, after digging in forums, I found that. people recommended to check /etc/shadow file persmissions. I checked and this file was 0000. After updating to 600 I was able to change the password.
What is the best way to fix that problem ?

1 Like

Hm, the perms should be 0000.

$ ls -lZ /etc/shadow
----------. 1 root root system_u:object_r:shadow_t:s0      1375 Jul 24  2022 /etc/shadow

Is the selinux label same as above?

Check journal when you attempt the password change, any errors from pam?


Just set back the permission to 0000 and checked the SELinux label and everything is like you posted.
I updated the password and now it seems to work.
I will check again in a while …

1 Like

Usually a “password doesn’t match” is a result of mistyping one of the 2 entries, or the ‘current password’ line is not entered correctly.

On my system the user has to enter the password 3 times when using the passwd command.
First is the old password then the new password twice. None of these can be viewed.

Using the gui in gnome settings to change my password is a bit different. It still gives a popup with the 3 lines for password entry but allows the user to view the entries typed if desired.

1 Like

Yes, I checked several time that the password were the same.
After changing the file permission of shadow to 0000, the password change was OK.
Maybe a problem with the keyboard too. I had a problem logging with sddm. It refuses to switch the default keyboard from en to fr.
I was wondering if it was possible that the first password was in EN and the second one used FR …

If it happens again, I will used a GUI from KDE to change the password and check what are the password.
But I was very careful in typing the password. It failed each time and once the permission was changed, it worked.
Let’s close this topic and I will reopen it if I have more information.