Abbott: Alright, now tell me what you want.
Costello: Now look, I'm working in the IT department. Using UNIX over there. I gotta know the password. You know the password?
Abbott: For the root account?
Costello: Yeah.
Abbott: Yeah, I know it. You know, these days, for security reasons, you can use longer passwords, and they are putting numbers and puncuation in passwords.
Costello: Like what?
Abbott: Like asterisk, or colon.
Costello: Or semicolon.
Abbott: (double-take) Er, certainly.
Costello: So what's the password?
Abbott: Should I tell you here?
Costello: Why not?
Abbott: Okay. the password is not secure.
Costello: That's okay, we'll change it.
Abbott: Why? Is it too hard for you to type? Too easy for crackers to guess?
Costello: I don't know.
Abbott: Why not?
Costello: You haven't told me the password.
Abbott: It's not secure.
Costello: Then we'll change it.
Abbott: To what?
Costello: Something. Anything. As long as it's secure.
Abbott: But it is secure.
Costello: You just said it was insecure.
Abbott: When did I say that?
Costello: Just now.
Abbott: No I didn't.
Costello: You said the password is not secure.
Abbott: That I did.
Costello: Then we should change it.
Abbott: What's wrong with the password being not secure?
Costello: Other people could break into our system.
Abbott: Well, we wouldn't want them to do that.
Costello: So it's agreed. It should be changed.
Abbott: To what?
Costello: Something more secure.
Abbott: That's the old password.
Costello: What's the old password?
Abbott: Something more secure.
Costello: Then why was it changed to be not secure?
Abbott: Password aging.
Costello: Password aging is a security measure, correct?
Abbott: Certainly.
Costello: So the password was changed.
Abbott: Naturally.
Costello: And the new password is insecure.
Abbott: No, but if you leak the password, then it will be insecure, yeah.
Costello: But the password is already not secure.
Abbott: You got it.
Costello: (sighs) Let me get this straight. I'm in charge of creating new accounts.
Abbott: Okay.
Costello: Someone just got hired and they need an account.
Abbott: Of course.
Costello: So I get this call, and I need to login to create an account. I login as root.
Abbott: To create the account, yes.
Costello: I enter root at the login prompt.
Abbott: Or you could use su.
Costello: Or I could use su. Nevertheless, I need to enter the password.
Abbott: Exactly.
Costello: So what do I enter for the password.
Abbott: It's not secure.
Costello: The password prompt? I'm at the console.
Abbott: Yes. You can login as root from the console.
Costello: So what do I enter for the password?
Abbott: I told you, the password is not secure.
Costello: Then after I login, I'll change it.
Abbott: If you are going to change the password, you need to tell the other admins.
Costello: Of course. So I login and change the password to something more secure.
Abbott: Can't do that.
Costello: Why not?
Abbott: The other security measure: password history.
Costello: What's that?
Abbott: Keeps people from changing their password back to their old password when their password ages too much.
Costello: So I'll make the password something more secure.
Abbott: You can't change the password to something more secure, that's the old password.
Costello: What's the old password.
Abbott: Something more secure
Costello: Something more secure than the current password?
Abbott: We tried that, but it's too long.
Costello: But I still can't get a shell prompt.
Abbott: Why not?
Costello: Because you haven't told me the password.
Abbott: I said the password was not secure.
Costello: All I'm trying to do is find out is what the root password is!
Abbott: I know.
Costello: So tell me.
Abbott: Tell you what?
Costello: The root password.
Abbott: I told you. Wait a minute, which system do you want the root password for?
Costello: The NIS master system.
Abbott: I told you.
Costello: You said the password was insecure.
Abbott: No, I didn't. I said the password was not secure.
Costello: But it used to be more secure.
Abbott: Well, it used to be something more secure.
Costello: How secure was it?
Abbott: It was pretty secure, until it was leaked out. Then we changed it to something more secure.
Costello: First, it was pretty secure, then it was something more secure, and now it's not secure?
Abbott: Now that's the first thing you said right.
Costello: I don't even know what I'm talking about! Okay, forget about the NIS master system. Say I need to change the web server configuration.
Abbott: It's been known to be required.
Costello: So, I need to login to the web server. What password should I use there.
Abbott: The password for the web server?
Costello: Yes.
Abbott: Right now, it's the same as the password for the NIS master server.
Costello: Two systems with the same password? That's not secure.
Abbott: Exactly. That's why we are going to change it.
Costello: Of course.
Abbott: As you were saying, you were going to login to the web server.
Costello: And the password is not secure.
Abbott: Naturally.
Costello: So I'm at the password prompt, and I enter the insecure password.
Abbott: Naturally.
Costello: Which is?
Abbott: Not secure.
Costello: I know that.
Abbott: So now you can reconfigure the web server.
Costello: (shrugs) The web server password is insecure. When is it going to be changed.
Abbott: Later today.
Costello: So when I come in tommorrow, and login to the web server, I'll need to give it the new password.
Abbott: That's the password for the gateway machine.
Costello: What's the password for the gateway machine?
Abbott: The new password.
Costello: Is it secure?
Abbott: No, it's the new password.
Costello: Passwords that have just been changed are more secure than passwords that have aged, right?
Abbott: Correct, assuming only the proper people know.
Costello: So the password for the NIS master is not secure, the root account on the gateway machine has the new password and the web server password is not secure today.
Abbott: Yes.
Costello: Can't we just install sudo?

-- Andy "thwarted" Bakun, March 2001