###########################################################################
#                    Passsword Recovery for User Accounts                 #
#                                  by                                     #
#             The Honeynet Project and the Research Alliance              #
###########################################################################

                      Last Modified: 30 June, 2005

PURPOSE
=======
Detail the steps required in recovering a local account
passwd when you don't have any terminals  open.  This
process assumes you know the root password.  The examples
below are based on the default account 'roo'.


STEPS
=====
reboot system
at boot splash press any key to enter menu
press "p" to enter passwd
enter grub password (default is "honey")
- - passwd will be echoed like "*****"
press "e" to enter grub command line interface
use up/down arrows to choose line begining with "kernel"
press "e" to edit
- - cursor will be placed at end of line to edit
add a space then type the word "single (no "")
press return to save changes
press "b" to boot

When you see the prompt:
  Give root password for maintenance
  (or type control-D to continue):
enter root passwd and press return

to check whether or not you have lock yourself out of a non root
user account due to 3 consecutive failed logins:

/sbin/pam_tally --user USERNAME

(where username is the username you are testing)
If you see:
user USERNAME  (xxx)   has YYY
(where xxx is USERNAME's UID and YYY is >= 3) Then USERNAME has a
consecutive failed login count greater than 3 and the account has
been locked.

To unlock the account for the above reson:
/sbin/pam_tally --user USERNAME --reset
then reboot

If you have simply (or also) forgoten the passwd for USERNAME:
passwd USERNAME
(supply new passwd)
then reboot