May this post help the mighty Google to help these poor people who somehow corrupt the security label of their /etc/shadow file. Their ability to log into the system (with any user) disappears and the error messages are all but helpful:
unix_chkpwd[700]: could not obtain user info (root) passwd: Authentication token manipulation error
If You are running Fedora with SELinux enabled (which is the default configuration), You should verify the label with ls -Z
# ls -Z /etc/shadow ----------. root root system_u:object_r:shadow_t:s0 /etc/shadow
If it differs from the line above, use restorecon to fix it:
# restorecon -R /etc
And happy days are here again!
PS! I do like the idea of SELinux and its operating principles, however I fail to understand the point of denying passwd command access to incorrectly labeled files.