Hi Jane: Good choice of ILS! We set up a tunnel between our SIP self-checkout client and the Evergreen SIP2 server, as documented here: https://coffeecode.net/archives/219-Setting-up-secure-self-check-connections-using-SIP-tunneled-through-SSH.html One small difference being that we now use autossh. If your EZProxy instance is on a Linux box, it should go swimmingly for you; the biggest pain for me was setting up Cygwin on Vista (silly 3M self check). Good luck! Dan On Jan 23, 2015 1:24 PM, "Jane Sandberg" <[log in to unmask]> wrote: > Hi all, > > I'd like to have our EZProxy server authenticate users using SIP2, > which is totally supported and documented here: > http://www.oclc.org/support/services/ezproxy/documentation/usr/sip.en.html > . > > However, I am not enthusiastic about sending unencrypted patron login > information over Telnet or raw sockets, and neither is our ILS > sysadmin. I'd like to figure out a way to perform the SIP2 > authentication/authorization check over SSH, but am not quite sure how > best to do that. Do either of these approaches make sense? > > * Installing stunnel on the EZProxy server to encrypt the outgoing and > incoming SIP2 traffic. > > * Writing a custom external script that would handle the whole auth > process: SSHing into our SIP server and seeing if the user is legit. > Here's what EZProxy has to say about this type of option: > > http://www.oclc.org/support/services/ezproxy/documentation/usr/external.en.html > -- I'd have to write some code to handle the SIP auth rather than > using EZProxy's built-in option, but my ILS has pretty good > documentation for its SIP implementation. > > Am I missing some simpler option? Our EZProxy is running on a Windows > machine, by the way, and we use Evergreen as our ILS. I'd love any > advice or suggestions that you seasoned EZProxy experts can share. > > Appreciatively, > > -Jane > > -- > Jane Sandberg > Electronic Resources Librarian > Linn-Benton Community College > [log in to unmask] / 541-917-4655 >