[WEB4LIB] another remote authentication query

[Donald Barclay]

Gregory,

The scheme your IT department proposes sounds a bit iffy to me. Some
providers of electronic resources (High Wire Press is, I believe, one
example) rely on IP address, not user passwords. The only passwords involved
with a provider such as High Wire are administrator passwords, and you don't
want those being used in conjunction with user accounts, background or no
background. Anyone who goes in on an administrator account can wreak havoc,
and sooner or later some user will figure out that they have this power.

You might be able to work out some kind of special user-password arrangement
with the resource provider, but this means extra work and opens the
possibility for all kinds of snags.

I would encourage your IT department to think this through a little more.
Theirs may be one of those solutions that works in 95% of the cases, but
that's really not good enough if it means your library users are cut off
from a major electronic resource or two.

Donald A. Barclay
Houston Academy of Medicine-                         always the beautiful
answer
Texas Medical Center Library                         who asks a more
beautiful question
dbarclay at library.tmc.edu                                     --e.e. cummings
713-799-7120



-----Original Message-----
From: web4lib at webjunction.org
[mailto:web4lib at webjunction.org]On Behalf Of Gregory Sennema
Sent: Wednesday, January 24, 2001 11:42 AM
To: Multiple recipients of list
Subject: [WEB4LIB] another remote authentication query


Greetings.

Our IT department is working towards the single authentication system
to access our college's web-services (courseware, registration, library
databases) for both local and remote logins.

I thought this was going to involve the setting up of a proxy, so that
the remote patron would change the proxy settings on their browser, with
the databases "thinking" they are being accessed from the correct IP,
and so on.

However, if I understand correctly, our IT is not wanting our users to
go through a proxy, but rather when the local or remote user logs into
the system, attached to their login file info (LDAP?) are the various
passwords for our research databases.  When the user, after being
authenticated, links to one of our research databases, the id/password
is automatically filled out behind the scenes (ip becomes irrelevant in
this scenario).

Does this sound familiary to anyone?  Is there any documentation that I
could be referred to?  Has anyone tried this and found success with some
databases but not others?

thanks in advance for any help on this.


Greg Sennema
Digital Resources Librarian
Hekman Library
Calvin College & Calvin Theological Seminary
3207 Burton St SE
Grand Rapids, MI 49546
tel: (616) 957-8455
fax: (616) 957-6470