lesson-login() {
cat << EOF
	This problem contains several challeges.

	The first challenge is to gain superuser authority on the
	system.  Without superuser authority, you will not be
	able to look at log files, nor will you be able to change
	the system configuration.

	Task one, then, is to become superuser.  To do this,
	reboot the system, pressing Ctrl-Alt-Delete from a
	virtual console, or selecting Shutdown from the display
	manager screen.

	Then, use grub to boot up the system in single user mode:
	select your kernel; hit e to edit; select the kernel line
	from the next screen; hit e to edit; add a space and the
	number 1 to the end of the line; hit enter to commit the
	change; hit b to boot.  The system will come up in single
	user mode.

	Now we begin our investigations.  A good starting point
	is to exam log files, perhaps starting with
	/var/log/messages.  The problem with this is that the
	file will be populated by information from the boot.
	Starting at the bottom, search upwards in the file for
	actions happening before the reboot.  Watch the times to
	see when the reboot occurred.

	Searching the log file, you will find lines similar to:

		login(pam_unix)[919]: account root has expired (account expired)
		login[919]: User account has expired

	This implies that the account has expired.  Password and
	account aging information, including account expiration,
	is kept in the /etc/shadow file and manipulated by the
	chage command.  Check out the man page for chage for
	clues as to how to debug the problem further.

	According the the chage man page, the command:

		chage -l root

	will give information on the current state of root's
	aging information.  This will present information similar
	to:

		Minimum:        0
		Maximum:        99999
		Warning:        7
		Inactive:       -1
		Last Change:            Oct 27, 2002
		Password Expires:       Never
		Password Inactive:      Never
		Account Expires:        Jan 02, 1970

	The account expired!  Now, you need to determine how to
	reverse the expiration.  Examining the man page for
	chage, there is a glaring omission: no information exists
	on cancelling an expiration.  Now, you have to infer the
	information.  From the sample chage output above, a few
	possibilities suggest themselves:

		a.  Set an expiration date of 0.  Does it work?

		b.  Set an expiration date of -1.  Does it work?

		c.  Set an expiration date of 99999.  What is the
		    effect?

	And finally:

		d.  Read the shadow man page to determine how to
		    change the expiration date directly (man 5
		    shadow: why is the 5 needed?).

	Try one or more of the above ideas to see which work.

	Lessons:
		o  Know how to break into your system as
		   superuser using grub.  This is a vital task.

		o  Understand how to search through log files
		   when you need to find an entry that is not at
		   the end of the file.

		o  Understand the workings of the authentication
		   system, particularly the uses of the passwd
		   and shadow files and the tools that manipulate
		   them (passwd, chage, etc.).

		o  Man pages are your friends.

		o  Sometimes, you need to be creative in figuring
		   out a solution to problems that you have
		   found.

EOF
}
