Now that we know how to set up our cache and allow (and deny) access to it, the next step is to consider authentication . The major advantages to requiring authentication to your cache are logging and access restriction. With authentication required, every HTTP request from evey user will be logged with a timestamp and the username. You can then easily run a report on this logfile to find out what web sites users are visiting. Squid supports many different kinds of external authentication (similarly to Apache). You can have Squid authenticate against your LDAP server, your RADIUS server, or your Microsoft Windows Active Directory server. For our purposes, we're going to demonstrate how to configure Squid to authenticate against a standard Apache authentication file created with the htpasswd program.

First, you must ensure that the ncsa_auth command came with your version of Squid. If you have a binary package from your vendor, ncsa_auth is probably in either /usr/sbin or /usr/lib/squid. If you compiled Squid from source, you have to go back to the Squid source tree and follow these steps:

# cd auth_modules/NCSA
# make
# make install

The next step is to create an authentication file with the htpasswd program. We already have htpasswd on our system at /opt/apache/bin/htpasswd from our Apache install, so we can run this command:

# /opt/apache/bin/htpasswd -c /opt/squidusers.htpasswd demouser

Enter the password twice for demouser and we have our authentication file. ...