Hi all, I'd like to have our EZProxy server authenticate users using SIP2, which is totally supported and documented here: http://www.oclc.org/support/services/ezproxy/documentation/usr/sip.en.html. However, I am not enthusiastic about sending unencrypted patron login information over Telnet or raw sockets, and neither is our ILS sysadmin. I'd like to figure out a way to perform the SIP2 authentication/authorization check over SSH, but am not quite sure how best to do that. Do either of these approaches make sense? * Installing stunnel on the EZProxy server to encrypt the outgoing and incoming SIP2 traffic. * Writing a custom external script that would handle the whole auth process: SSHing into our SIP server and seeing if the user is legit. Here's what EZProxy has to say about this type of option: http://www.oclc.org/support/services/ezproxy/documentation/usr/external.en.html -- I'd have to write some code to handle the SIP auth rather than using EZProxy's built-in option, but my ILS has pretty good documentation for its SIP implementation. Am I missing some simpler option? Our EZProxy is running on a Windows machine, by the way, and we use Evergreen as our ILS. I'd love any advice or suggestions that you seasoned EZProxy experts can share. Appreciatively, -Jane -- Jane Sandberg Electronic Resources Librarian Linn-Benton Community College [log in to unmask] / 541-917-4655