The “pam_chauthtok(): conversation failure” error can occur when trying to change a user’s password with the passwd command, indicating that the PAM (Pluggable Authentication Modules) module is not able to communicate with the user to verify their identity or to obtain the new password. This can happen for several reasons:
- The user is not logged in to a terminal: The PAM module is unable to communicate with the user if they are not logged in to a terminal.
- The user’s account is locked: The user’s account may be locked due to too many failed login attempts. You can check the status of the user’s account with the command
passwd -S user_name - The user’s account has expired: The user’s account may have expired, preventing them from changing their password. You can check the status of the user’s account with the command
passwd -S user_name - The user’s shell is not configured correctly: The user’s shell may not be configured correctly, preventing the PAM module from communicating with them.
- The user does not have permission to change the password: The user may not have permission to change their password, due to a policy or configuration issue.
- The PAM configuration is not set correctly: The PAM configuration may not be set correctly, preventing the PAM module from communicating with the user.
You can fix this error by checking the status of the user’s account, making sure that the user is logged in to a terminal, ensuring that the user’s shell is configured correctly, checking the user’s permissions, and checking the PAM configuration.
You can also try running the command passwd as the root user, or use the su command to switch to the user and change the password.
It is also recommended to check the system logs for more information about the error.