remote user authentication steve hunt systems librarian santa monica college library
TRANSCRIPT
![Page 1: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/1.jpg)
Remote User Authentication
Steve HuntSystems Librarian
Santa Monica College Library
http://library.smc.edu/rua.htm
![Page 2: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/2.jpg)
Remote User Authentication
• What it is• Why you need to do it• How it works on-campus• How to do it off-campus• How to get somebody else to do it
for you
![Page 3: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/3.jpg)
What it really is
• Libraries subscribe to e-resources• Examples:
– EbscoHost Master File Premier– Proquest National Newspaper Index– Gale Literature Resource Center– Grove Dictionary of Art– and many, many more
![Page 4: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/4.jpg)
What it really is
• Content providers require access be limited to our users
• Various means to authenticate• Authentication is the process in
which a user 's claim to an identity is checked.
![Page 5: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/5.jpg)
Why you need to do it (Top 10)
• Users like it• More access to information• You have already paid for it• Supports Distance Education• Less use of Library facilities and
PCs
![Page 6: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/6.jpg)
More reasons
• Boss says so• All the big schools are doing it• Good excuse to get that new server
or systems librarian you want• Keeps pesky students out of the
Library• Alternative to keeping library open
24/7
![Page 7: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/7.jpg)
How it works on-campus:IP Authentication • Some remote access solutions use
IP authentication• Network devices have IP addresses• IP addresses are assigned to
organizations in blocks• We provide a list to database
vendors• Vendors check the IP address
![Page 8: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/8.jpg)
SMC IP Address List
• 192.92.124.1-254• 198.147.67.1-254• 204.140.185.1-204.140.187.254• 206.117.45.1-206.117.47.254• 206.117.124.1-206.117.125.254• 207.151.68.1-207.151.69.254• 207.151.112.1-207.151.117.254• 207.233.32.1-254
![Page 9: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/9.jpg)
How it works on-campus:IP Authentication
• IP address based authentication is relatively easy for the vendor and the customer to set up and administrator
• It does not allow off-campus access unless you support…
![Page 10: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/10.jpg)
Direct Dial-in
• School maintains modems or telco equipment
• How remote access used to be provided
• Advantages– No remote user authentication
problems for the Library or Database vendors (just for campus MIS)
![Page 11: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/11.jpg)
Direct Dial-in
• Disadvantages– Expensive (SMC spends $30K/year)– Doesn’t help users
•With a LAN connection •With a cable modem or DSL •For whom campus is a long
distance phone call– Users don’t want it
![Page 12: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/12.jpg)
SMC Student Survey, Spring 2000
• Almost 90% have a home PC• 75% have home Internet access• Only 20% use free SMC dial-up
Conclusion: users can benefit from remote access
![Page 13: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/13.jpg)
How to do it in-house
• Referer URL Authentication• How we do it at SMC • Proxy Servers • Rewriting proxies • Authentication protocols • User data sources • What to authenticate against ?
![Page 14: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/14.jpg)
Referer URL Authentication
• Also called Referring or Referal URL
• A controlled-access web page• Registered with the database
vendor• Vendor allows access if user
selects database URL from that page
![Page 15: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/15.jpg)
Referer URL Authentication
• Uses the HTTP environment variable HTTP_REFERER
• Passed by web browser to web server
• Does not use IP authentication
![Page 16: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/16.jpg)
Referer URL Advantages• Easy to set up
•No additional software•Authentication is done by the
webserver•No additional hardware
• Relatively simple user training issues•No client-side setup involved•No browser version issues •Just have to train them to login
![Page 17: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/17.jpg)
Referer URL Disadvantages• Not very flexible
– Can’t bookmark– Difficult to link from multiple pages – Multiple database URLs from vendor
• Vendor may not support Referer URLs
• Vendor may not support multiple Referer URLs
• Doesn’t scale well
![Page 18: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/18.jpg)
Referer URL• Choose Referer URL Authentication
if:– Small number of resources (<50)– Little need for linking to resources on
other web pages– Users or staff are not motivated to
handle proxy configuration issues– Summary: Referer URL is easy for
users but is not very flexible for the institution and does not scale well
![Page 19: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/19.jpg)
Referer URLs
• Popular Web Server software– Apache– Microsoft IIS
![Page 20: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/20.jpg)
How we do it at
Santa Monica College Library
![Page 21: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/21.jpg)
How we do it at Santa Monica College Library
SMC Environment– Databases subscribed to: 22– Databases that support Referrer URL: 20– Number of Vendors: 14 (12 remote)– 13,000 Student FTE but 30,000 head
count• We use Referer URLs• Database link points to IP-checking
script
![Page 22: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/22.jpg)
How we do it at Santa Monica College Library
• Login link points to a protected page on a IIS webserver
• Only authenticated users are allowed access
• Uses both Basic and NTLM authentication
• Users submit NT username and password to authenticate
• All databases on one page
![Page 23: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/23.jpg)
Proxy Servers
proxyfrom Merriam-Webster’s Collegiate Dictionary Online
Pronunciation: 'präk-sEInflected Form(s): plural prox·iesEtymology: Middle English procucie,
contraction of procuracie, from Anglo-French, from Medieval Latin procuratia, alteration of Latin procuratio procuration
Date: 15th century
![Page 24: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/24.jpg)
Proxy Servers Proxy (cont.)
1 : the agency, function, or office of a deputy who acts as a substitute for another
2 a : authority or power to act for another b : a document giving such authority; specifically : a power of attorney authorizing a specified person to vote corporate stock
3 : a person authorized to act for another : PROCURATOR
![Page 25: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/25.jpg)
Proxy Servers• Perform web retrievals on behalf of a
web browser• Most often used to speed up Internet
access and reduce bandwidth by caching frequently used pages
• Libraries use proxy servers to make off-campus web clients look like on-campus ones
• Authenticated users allowed to relay requests through our IP address space
![Page 26: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/26.jpg)
Proxy Servers: Manual Configuration
![Page 27: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/27.jpg)
Proxy Servers
• Drawbacks of standard browser proxy configuration– All traffic goes through proxy server– User has to manually configure and
unconfigure settings
![Page 28: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/28.jpg)
Proxy Servers
• Proxy Auto Configuration (PAC)– Written in JavaScript– Commonly called proxy.pac– Downloaded by web browser– Allows using a proxy server for some
sites but going direct for others– Look on Google for Library examples
![Page 29: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/29.jpg)
Proxy Servers: Proxy.pac Configuration
![Page 30: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/30.jpg)
A Small proxy.pac File
function FindProxyForURL(url,host) {if( shExpMatch( host, "*.umi.com")) return
"PROXY library.smc.edu:3128"; if( shExpMatch( host,"*.gale.com")) return
"PROXY library.smc.edu:3128"; // otherwise… return "DIRECT";}
![Page 31: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/31.jpg)
Proxy Servers: Advantages
• Can place database links anywhere• A single URL from the database
vendor• Proxy servers scale better
– 20 resources fit on a single page, 5000 do not
![Page 32: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/32.jpg)
Proxy Servers: Disadvantages
• Some browsers don’t support PACs• Problems with multiple proxy
servers• Problems with firewalls• Requires users to be motivated
and willing to install web browsers
![Page 33: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/33.jpg)
Proxy Servers: Disadvantages
• Requires extensive support– Examples
• User may not have permissions to change settings
• Potentially creates a single point of failure
![Page 34: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/34.jpg)
Proxy Servers
• Popular Proxy Server software:– Squid– Apache mod_proxy– Microsoft Proxy Server– Microsoft Internet Acceleration and Se
curity Server
![Page 35: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/35.jpg)
Proxy Servers: Summary
• Proxy servers are relatively easy and flexible for the institution, but require a lot from users
• For most larger libraries they are the only possible solution
![Page 36: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/36.jpg)
Rewriting proxy• Dynamically rewrites URLs in HTML
documents• URLs look like:
– http://library.myschool.edu/proxy-cgi?”http://some.database.com”
• No browser configuration issues• No browser support issues• Examples
– EZProxy– Apache::RewritingProxy
![Page 37: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/37.jpg)
Authentication protocols
• Basic Authentication – Supported by almost all web
browsers, web servers and proxy servers
– Used to protect access to resources
![Page 38: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/38.jpg)
Basic Authentication: Basic Problem
• Sends usernames and passwords unencrypted
• Sends them with every page request
Solution: Use SSL
![Page 39: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/39.jpg)
Basic Authentication and SSL• Secure Socket Layer (SSL) • SSL works in combination with Basic
Authentication to encrypt pages• URLs show https:// rather than
http://• Netscape: padlock in the bottom
left hand corner • Internet Explorer, a yellow lock at
the middle of the status bar
![Page 40: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/40.jpg)
Basic Authentication and SSL
• Supported by: – Netscape Navigator (versions 2.0 and
above), – Internet Explorer (version 3.0 and
above)– AOL (AOL 3.0 and above)
![Page 41: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/41.jpg)
Basic Authentication and SSL
• Problems with SSL– Encryption makes things slower – Must buy certificates or…– Can create your own certificates– Can’t use SSL and Basic
authentication to authenticate to a proxy server
![Page 42: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/42.jpg)
Alternatives to Basic Authentication
• NTLM (Windows NT Lan Manager)– Also known as NTCR. Now called
Integrated Windows Authentication – Passwords are encrypted– Requires NT or Microsoft Networking
client on Win9x as client OS – Requires IE 3.x or greater browser– Cannot pass through a proxy server
![Page 43: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/43.jpg)
Alternatives to Basic Authentication
• Digest– Netscape 4.x still sends
password in clear text with Digest
– Netscape 6 will support digest authentication
![Page 44: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/44.jpg)
Authentication Protocol Problems
• We want a protocol that is– Free– Secure– Works over the Internet– Works with any browser– With any operating system
• There is no such protocol!
![Page 45: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/45.jpg)
Authentication Set-up Examples
• Microsoft Internet Information Server
• Microsoft Proxy Server• Apache web server• Squid proxy server
![Page 46: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/46.jpg)
Authentication Set-up in IIS
![Page 47: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/47.jpg)
Authentication Set-up in IIS
![Page 48: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/48.jpg)
Basic Authentication in MS Proxy
![Page 49: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/49.jpg)
Authentication Set-up in Apache
<Directory "/home/httpd/html/libauth">
AuthName “SMCLAuthentication"
AuthType Basic
PerlSetVar myPDC ROMULUS
PerlSetVar myBDC REMUS
PerlSetVar myDOMAIN STUDENT
PerlAuthenHandler Apache::AuthenSmb
require valid-user
</Directory>
![Page 50: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/50.jpg)
Authentication Set-up in Squid Proxy
Relevant lines from Squid.conf:
acl ourusers proxy_auth REQUIREDhttp_access allow ourusersauthenticate_program
/usr/local/squid/bin/msntauth
![Page 51: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/51.jpg)
Authentication Set-up in Squid Proxy
Msntauth.conf:
server newton romulus studentserver thor remus smc
![Page 52: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/52.jpg)
User data sources
• Where is your user data?– Campus registration system– Network OS user database– Library automation system– E-mail user database
![Page 53: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/53.jpg)
User data sources
• What user data do you want to use?– Network username and password– Student ID number– Library patron barcode number– Passwords, PINs, SSN, Phone number
![Page 54: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/54.jpg)
User data sources
• Make a list– What user data do you want to
use– Where is this user data– What software does this system
use– How will you query the system– Or will you extract the data
![Page 55: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/55.jpg)
SMC User Data Sources
• SMC Registration System “WebISIS”
• Library Automation System• Windows NT User Database
![Page 56: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/56.jpg)
SMC User Data Sources
• SMC Registration System “WebISIS”– Uses Oracle– Sends student data to NT User
Database– Sends student data to Library System– Use SQL or Perl-DBI to query– Is staff data easily available?– Student NT account names assigned?
![Page 57: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/57.jpg)
SMC User Data Sources
• SMC Library Automation System– Sirsi Unicorn– Write shell/Perl script to check User ID
and PIN against user database?– Students might not know User ID/PIN– Inconsistent assignment of staff IDs
![Page 58: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/58.jpg)
SMC User Data Sources
• Windows NT User Database– Info for almost all students and staff– Can easily query domain controllers– Well-integrated with MS-IIS webserver– Also supported by Apache/Squid plug-
ins
![Page 59: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/59.jpg)
Authenticate against what?
• Apache and Squid– Support authentication plug-ins– Plug-ins available for:
•Windows NT user database•LDAP, Radius, MySQL, NCSA, NIS,
Unix password files– Or write your own in Perl, C, etc.
![Page 60: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/60.jpg)
Authenticate against what?
• MS IIS, Proxy Server and ISAS– Windows NT user database– Support authentication plug-ins– Write your own?
![Page 61: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/61.jpg)
How to get somebody else to do it
• Campus MIS• Library Automation Vendor• Database Vendor• Commercial solutions
![Page 62: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/62.jpg)
How to get somebody else to do it
• Campus MIS– Campus-wide authentication project?
•Remote access?•Library needs?
– Ask for anything we have discussed so far
– Tell them This Is Important To The Library And To The School
![Page 63: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/63.jpg)
How to get somebody else to do it
• Library Automation Vendor– Some support remote authentication
• EpixTech (Ameritech)• Innovative Interfaces
– Some systems can be cajoled into authenticating via scripts• DRA• Sirsi
![Page 64: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/64.jpg)
How to get somebody else to do it
• Library Automation Vendor• Advantages
•For some libraries this is their only user database
•Integration with other services provided to users
•Easy user interface (or interface user is familiar with)
![Page 65: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/65.jpg)
How to get somebody else to do it
• Library Automation Vendor• Disadvantages
– You are tied to your ILS vendor’s system
– Your ILS vendor may not support this
– Not all of your database s may be supported by your vendor
![Page 66: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/66.jpg)
How to get somebody else to do it
• Database Vendor Authentication– Provide them a list of user IDs– Patron barcode begins with …– Institutional username and
password for each product
![Page 67: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/67.jpg)
How to get somebody else to do it
• Database Vendor Authentication: Advantages– Easy to implement
• Database Vendor Authentication: Disadvantages– Lack of consistency
![Page 68: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/68.jpg)
How to get somebody else to do it
• Use database vendor authentication methods if– Small number of products (<5)– Small number of users (<5000)– Or no support staff for anything better
![Page 69: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/69.jpg)
How to get somebody else to do it
• Third-party remote access authentication products and services– EZProxy– Obvia– Efixa
![Page 70: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/70.jpg)
Why is it so hard?
• All the user wants is access to the database
• All the vendor wants to know is that this remote user has some connection with your institution
• All the Library wants is to make the vendor and the user happy
![Page 71: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/71.jpg)
Why is it so hard?
• Each site has a unique set of local information systems– Campus IS, – Library automation, – Network OS– Web servers– Locally developed means of
transferring data
![Page 72: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/72.jpg)
Why is it so hard?
• No web authentication method that is– Widely-supported – Inexpensive– Secure
![Page 73: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/73.jpg)
Why is it so hard?
• Off-campus users have a wide variety of – Web browsers – Operating systems– Means of accessing the Internet– Levels of computer expertise
![Page 74: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/74.jpg)
Recommendations
• There is no one right solution• Research and test any solution
– Find out what other libraries are doing– Test web browsers and operating
systems– Provide web page support for your
users– Train library staff on support
![Page 75: Remote User Authentication Steve Hunt Systems Librarian Santa Monica College Library](https://reader030.vdocuments.site/reader030/viewer/2022032701/56649c725503460f94924675/html5/thumbnails/75.jpg)
Remote User Authentication
More resources athttp://library.smc.edu/rpa.htm
This presentation athttp://library.smc.edu/rua.htm