Bug ID 753564: Attempt to change password using /bin/passwd fails

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:

Fixed In:

Opened: Dec 19, 2018
Severity: 3-Major


When you run /bin/passwd as root you get an error: passwd.bin: unable to start pam: Critical error - immediate abort Failed to change user's password. Exiting. If you then run /bin/ausearch -m avc -ts recent, you see a lot of selinux denials for passwd.bin.


Root/admin user cannot change password using the standard /bin/passwd executable.


No special conditions needed


The workaround would be to disable selinux, change the password and re-enable selinux: # setenforce Permissive # passwd # setenforce Enforcing Alternatively, you can use the tmsh commands to change the passwords: tmsh modify auth password root Lastly, if you want to modify the selinux policy, this is the standard way of doing it: # ausearch -c passwd.bin --raw | audit2allow -M mypasswd # semoduile -i mypasswd.pp

Fix Information

With fix, BIG-IP has no issues with /bin/passwd.bin being denied by selinux and /bin/passwd works as expected.

Behavior Change