First
Another possible cause of the “passwd: Authentication token manipulation error” is wrong PAM (Pluggable Authentication Module) settings. This makes the module unable to obtain the new authentication token entered.
The various settings for PAM are found in /etc/pam.d/.
For instance, a mis-configured /etc/pam.d/common-password file can result into this error, running the pam-auth-update command with root privileges can fix the issue.
You might also see this error if the / partition is mounted as read only, which means no file can be modified thus a user’s password can’t be set or changed. To fix this error, the root partition will need to be remounted as read/write as shown.
Passwords for users are stored on /etc/shadow in an encrypted format. If permissions are incorrect for this file, the system be unable to write to the file.
Filesystem errors can potentially cause the system be unable to write to /etc/shadow. Use disk scanning tools such as fsck to fix errors before continuing.
If the root partition is full, the system will be unable to write to /etc/shadow. Run df -h to check disk utilization. If utilization is above 90%, free up some disk space before continuing.