Skip to main content
OCLC Support

Multiple authentication servers

In EZproxy, in your user.txt file, you can include any combination of authentication methods supported by EZproxy.

In your user.txt file, you can include any combination of authentication methods supported by EZproxy. By default, EZproxy will try each authentication server in sequence until one of them authenticates the username and password provided or the end of user.txt is reached.

Two problems may arise from using multiple authentication servers. First, the authentication servers listed earlier in the file may log errors as EZproxy tries username and passwords against these servers that can only authenticate against servers listed later in the file. Second, many servers delay their "invalid user" responses when they receive an invalid username or password; thus, if you have several servers, these delays may add up to an unacceptable delay in authentication users who validate against entries later in user.txt.

To minimize these issues, you should always arrange the entries in user.txt so that entries that will authenticate the majority of your users appear towards the top of the file.

However, if having EZproxy check multiple servers causes too many error conditions or too great of a delay, you can have your users identify which server should be used to authenticate them. To do this, you edit login.htm and loginbu.htm and add lines similar to this after the <form> tag:

User type: <select name="auth">
  <option value="d1">Student</option>
  <option value="d2">Faculty</option>
</select><br>

or:

User type:
<input type="radio" name="auth" value="d1" checked> Student
<input type="radio" name="auth" value="d2">Faculty

which creates either a pop-up (first sample code) or radio-button (second sample code) for the user to identify which server should be used for authentication. With these in place, you then edit user.txt and add lines like this:

::auth=d1,ftp=ftp.yourlib.org
::auth=d2,domain=faculty-pdc

Here, "d1" and "d2" are just arbitrary field values chosen to link the field "auth" in the login forms to the "auth=" lines in user.txt. "Student" and "Faculty" are the terms that will appear on login form, either in the pop-up or next to the radio buttons. If the user selects "Student", then only the FTP server ftp.yourlib.org will be checked since this line matches the form. If the user select "Faculty," then only the domain server faculty-pdc is checked.

Any lines in user.txt that do not contain "auth=" would be checked regardless of whether student or faculty was checked, such that if you later added three more lines such as:

::auth=d1,ftp=ftp.yourlib.org
::auth=d2,domain=faculty-pdc
chris:secret
pat:code
::imap=imap.yourlib.org

and if a user didn't authenticate before the "chris" line, the username and password provided would be checked against Chris, Pat and the IMAP server, regardless of whether the user selected "Student" or "Faculty."