POP Authentication

Sites using POP authentication are encouraged to use EZproxy 2.4c GA (2004-03-21) or later. A security issue exists when using versions of EZproxy older than this release that can allow unauthorized users to log in and access proxied content.

To authenticate your users against an existing POP (e-mail) server, edit user.txt/ezproxy.usr and add a line like this:

::pop= popserv.mylib.org


Replace popserv.mylib.org with the appropriate host name for the POP server. This change takes effect immediately, without the need to restart EZproxy. When EZproxy receives authentication requests, it will attempt to connect to the POP server, and if the POP server indicates login success, then the remote user will be authenticated and allowed to proceed.

Secure POP

If your user uses Secure POP, indicate this by adding "ssl," before pop, such as:

::pop,imap=imapserv.mylib.org


In EZproxy prior to 4.0, you must also have performed SSL configuration before you can use Secure POP. In EZproxy 4.0 and later, this prerequisite was removed.

Debug option in EZproxy 2.4c GA (2004-03-21) and later

If you encounter problems with POP authentication, you can change your entry to look like:

::pop= popserv.mylib.org,debug


When you add debug, EZproxy will log additional details to messages.txt/ezproxy.msg of its attempt to perform POP authentication and the results.

Disable APOP in EZproxy 2.4c GA (2004-03-21) and later

EZproxy automatically tries to use APOP to encrypt passwords. For servers that do not support APOP, EZproxy can normally fall back to POP automatically. If POP constantly fails, you may need to explicitly disable the use of APOP. To disable APOP, change your entry in user.txt/ezproxy.usr to look similar to:

::pop= popserv.mylib.org,noapop