External Script Authentication

EZproxy has two methods that allow you to use a script on a web server for user authentication. The method described on this page configures EZproxy so that it performs all direct user interaction during authentication, then calls upon a user provided script to interpret whether or not the username and password are valid. The other option is CGI User Authentication in which all aspects of handling authentication, including user interaction, must be performed by your own script.

The following are examples you might make in user.txt/ezproxy.usr and what they do. In these examples, when ^u appears, EZproxy will automatically replace that with the username provided by the user on the login form; ^p will be replaced by the password from the login form; and ^i will be replaced by the IP address of the remote user. Also, when checking the "valid" string, all user-supplied strings are compared as case-insensitive.

::external=http://auth.yourlib.org/cgi-bin/check.cgi?user=^u&pass=^p

This entry specifies that EZproxy should connect to the script http://auth.yourlib.org/cgi-bin/check.cgi using a GET method and send the variables user and pass with the username and password that was provided on the login form. If this script displays either of the messages +VALID or webchkpass anywhere in its response, then EZproxy will consider the authentication to be valid.

::external=http://auth.yourlib.org/cgi-bin/check.cgi?user=^u&pass=^p,valid=+OK

This example is the same as the first, except that EZproxy will look for +OK in the response from your script to indicate the the information provided is correct.

::external=http://auth.yourlib.org/cgi-bin/check.cgi,post=user=^u&pass=^p,valid=+OK

This example is the same as the second, except that EZproxy will use the POST method to submit the username and password. The POST method is preferred, since it prevents this information from being recorded into your web server log file.

Examples:

  • A simple ASP external script that checks a username and password against an SQL database (replace file extension with ".asp" to use script)
  • A simple PHP external script that checks a username and password against a MySQL database (replace file extension with ".php" to use script)

Groups

Starting with EZproxy 2.2a GA (2003-08-02), an external script may also indicate which groups to which an EZproxy user should be given access. To do this, the script must not only output the valid message, but it must also display a line formatted like this:

ezproxy_group=General+Legal

There may not be any white space in front of this line. In the absence of such information, EZproxy will place the user in whatever groups have been chosen in user.txt/ezproxy.usr.