# Enable User Authentication in Squid

in the same config file we have been using :

`cd /etc/squid/conf.d/local.conf`

```bash
auth_param basic progarm /usr/lib/suid/basic_ncsa_auth
```

and i am telling squid to use basic authentication, maybe you want LDAP you can do that by choosing the program for LDAP, and you can find them in /usr/lib/squid

```bash
root@ubuntu:/usr/lib/squid# ls
basic_db_auth        basic_radius_auth  ext_file_userip_acl          helper-mux                    pinger
basic_fake_auth      basic_sasl_auth    ext_kerberos_ldap_group_acl  log_db_daemon                 security_fake_certverify
basic_getpwnam_auth  basic_smb_auth     ext_ldap_group_acl           log_file_daemon               storeid_file_rewrite
basic_ldap_auth      basic_smb_auth.sh  ext_session_acl              negotiate_kerberos_auth       unlinkd
basic_ncsa_auth      cert_tool          ext_sql_session_acl          negotiate_kerberos_auth_test  url_fake_rewrite
basic_nis_auth       digest_file_auth   ext_time_quota_acl           negotiate_wrapper_auth        url_fake_rewrite.sh
basic_pam_auth       digest_ldap_auth   ext_unix_group_acl           ntlm_fake_auth
basic_pop3_auth      diskd              ext_wbinfo_group_acl         ntlm_smb_lm_auth
```

For the basic config program, it is common to follow up the configuration with the file storing credentials which is ‘htpasswd’

```bash
auth_param basic progarm /usr/lib/suid/basic_ncsa_auth /etc/squid/htpasswd
```

I also need to provide any other configuration parameter needed

```bash
auth_param basic realm proxy
```

Now, we just need to tell squid to use it

```bash
acl internal src 192.168.1.0/255.255.255.0
acl authenticated proxy_auth REQUIRED
http_access allow internal authenticated
```

Now we can create the file or let the system do that like this:

```bash
root@ubuntu:/etc/squid/conf.d# htpasswd -c /etc/squid/htpasswd ubuntu
New password:
Re-type new password:
Adding password for user ubuntu
```

ubuntu is the username

to add more users, use -a to append<br>

```bash
root@ubuntu:/etc/squid/conf.d# cat local.conf
http_port 8080
cache_dir ufs /var/spool/squid 800 16 256
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/htpasswd
auth_param basic realm proxy

acl internal src 192.168.1.0/255.255.255.0
acl authenticated proxy_auth REQUIRED

acl blocked_websites dstdomain facebook.com fb.com linux.com
http_access deny blocked_websites
http_access allow internal authenticated
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://taqiyeddine.gitbook.io/exploring-it/lpic-2-linux-engineer-202-450/lpic-2-linux-professional/squid-proxy-server/enable-user-authentication-in-squid.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.