Abbott
Alright, now tell me what you want.
Costello
Now look, I'm working in the IT department. Using UNIX over there. I gotta know the password. You know the password?
Abbott
For the root account?
Costello
Yeah.
Abbott
Yeah, I know it. You know, these days, for security reasons, you can use longer passwords, and they are putting numbers and punctuation in passwords.
Costello
Like what?
Abbott
Like asterisk, or colon.
Costello
Or semicolon.
Abbott
(double-take) Er, certainly.
Costello
So what's the password?
Abbott
Should I tell you here?
Costello
Why not?
Abbott
Okay. The password is not secure.
Costello
That's okay, we'll change it.
Abbott
Why? Is it too hard for you to type? Too easy for crackers to guess?
Costello
I don't know.
Abbott
Why not?
Costello
You haven't told me the password.
Abbott
It's not secure.
Costello
Then we'll change it.
Abbott
To what?
Costello
Something. Anything. As long as it's secure.
Abbott
But it is secure.
Costello
You just said it was insecure.
Abbott
When did I say that?
Costello
Just now.
Abbott
No I didn't.
Costello
You said the password is not secure.
Abbott
That I did.
Costello
Then we should change it.
Abbott
What's wrong with the password being not secure?
Costello
Other people could break into our system.
Abbott
Well, we wouldn't want them to do that.
Costello
So it's agreed. It should be changed.
Abbott
To what?
Costello
Something more secure.
Abbott
That's the old password.
Costello
What's the old password?
Abbott
Something more secure.
Costello
Then why was it changed to be not secure?
Abbott
Password aging.
Costello
Password aging is a security measure, correct?
Abbott
Certainly.
Costello
So the password was changed.
Abbott
Naturally.
Costello
And the new password is insecure.
Abbott
No, but if you leak the password, then it will be insecure, yeah.
Costello
But the password is already not secure.
Abbott
You got it.
Costello
(sighs) Let me get this straight. I'm in charge of creating new accounts.
Abbott
Okay.
Costello
Someone just got hired and they need an account.
Abbott
Of course.
Costello
So I get this call, and I need to login to create an account. I login as root.
Abbott
To create the account, yes.
Costello
I enter root at the login prompt.
Abbott
Or you could use su.
Costello
Or I could use su. Nevertheless, I need to enter the password.
Abbott
Exactly.
Costello
So what do I enter for the password?
Abbott
It's not secure.
Costello
The password prompt? I'm at the console.
Abbott
Yes. You can login as root from the console.
Costello
So what do I enter for the password?
Abbott
I told you, the password is not secure.
Costello
Then after I login, I'll change it.
Abbott
If you are going to change the password, you need to tell the other admins.
Costello
Of course. So I login and change the password to something more secure.
Abbott
Can't do that.
Costello
Why not?
Abbott
The other security measure: password history.
Costello
What's that?
Abbott
Keeps people from changing their password back to their old password when their password ages too much.
Costello
So I'll make the password something more secure.
Abbott
You can't change the password to something more secure, that's the old password.
Costello
What's the old password?
Abbott
Something more secure.
Costello
Something more secure than the current password?
Abbott
We tried that, but it's too long.
Costello
But I still can't get a shell prompt.
Abbott
Why not?
Costello
Because you haven't told me the password.
Abbott
I said the password was not secure.
Costello
All I'm trying to do is find out what the root password is!
Abbott
I know.
Costello
So tell me.
Abbott
Tell you what?
Costello
The root password.
Abbott
I told you. Wait a minute, which system do you want the root password for?
Costello
The NIS master system.
Abbott
I told you.
Costello
You said the password was insecure.
Abbott
No, I didn't. I said the password was not secure.
Costello
But it used to be more secure.
Abbott
Well, it used to be something more secure.
Costello
How secure was it?
Abbott
It was pretty secure, until it was leaked out. Then we changed it to something more secure.
Costello
First, it was pretty secure, then it was something more secure, and now it's not secure?
Abbott
Now that's the first thing you said right.
Costello
I don't even know what I'm talking about! Okay, forget about the NIS master system. Say I need to change the web server configuration.
Abbott
It's been known to be required.
Costello
So, I need to login to the web server. What password should I use there?
Abbott
The password for the web server?
Costello
Yes.
Abbott
Right now, it's the same as the password for the NIS master server.
Costello
Two systems with the same password? That's not secure.
Abbott
Exactly. That's why we are going to change it.
Costello
Of course.
Abbott
As you were saying, you were going to login to the web server.
Costello
And the password is not secure.
Abbott
Naturally.
Costello
So I'm at the password prompt, and I enter the insecure password.
Abbott
Naturally.
Costello
Which is?
Abbott
Not secure.
Costello
I know that.
Abbott
So now you can reconfigure the web server.
Costello
(shrugs) The web server password is insecure. When is it going to be changed?
Abbott
Later today.
Costello
So when I come in tomorrow, and login to the web server, I'll need to give it the new password.
Abbott
That's the password for the gateway machine.
Costello
What's the password for the gateway machine?
Abbott
The new password.
Costello
Is it secure?
Abbott
No, it's the new password.
Costello
Passwords that have just been changed are more secure than passwords that have aged, right?
Abbott
Correct, assuming only the proper people know.
Costello
So the password for the NIS master is not secure, the root account on the gateway machine has the new password and the web server password is not secure today.
Abbott
Yes.
Costello
Can't we just install sudo?
-- Andy "thwarted" Bakun, March 2001