basic_ncsa_auth - Man Page

NCSA httpd-style password file authentication helper for Squid


basic_ncsa_auth passwd file


basic_ncsa_auth allows Squid to read and authenticate user and password information from an NCSA/Apache httpd-style password file when using basic HTTP authentication.

This password file can be manipulated using htpasswd.

This authenticator accepts:
* Blowfish - for passwords 72 characters or less in length.
* SHA256 - with salting and magic strings.
* SHA512 - with salting and magic strings.
* MD5 - with optional salt and magic strings.
* DES - for passwords 8 characters or less in length. NOTE: Blowfish and SHA algorithms require system-specific support.


The only parameter is the password file. It must have permissions to be read by the user that Squid is running as.


basic_ncsa_auth /etc/squid/squid.pass

basic_ncsa_auth must have access to the password file to be executed.

Known Issues

DES functionality (used by htpasswd by default) silently truncates passwords to 8 characters. Allowing login with password values shorter than the one desired. This authenticator will reject login with long passwords when using DES.


This manual was written by Amos Jeffries <>

Based on original documentation by Rodrigo Rubira Branco <>


Questions on the usage of this program can be sent to the Squid Users mailing list <>

Reporting Bugs

Bug reports need to be made in English. See for details of what you need to include with your bug report.

Report bugs or bug fixes using

Report serious security bugs to Squid Bugs <>

Report ideas for new improvements to the Squid Developers mailing list <>

See Also

squid(8), htpasswd(1), GPL(7),
The Squid FAQ wiki
The Squid Configuration Manual

Referenced By


May 16, 2006