Occasionally, a user may attempt to change their password and encounter the following prompt that states:
"The password for the account (username) was not changed.
Your system administrator may not allow you to change your password or there was some other problem with your password. Contact your system administrator for help."
This prompt appears when the user's Secure Token has been broken, which can occur when the user's password is reset.
Note: The sysadminctl tool may report that the Secure Token status is enabled, even though it is broken.
Restoring the user's Secure Token will allow them to change their password.
If another user account is present on the device with a valid Secure Token, see the KB article SecureToken within GoLive - Users to learn how to restore the affected user's Secure Token.
If no other accounts on the device have a Secure Token, see our KB article Fixing broken Keychains (Secure Tokens) using Recovery Mode.