diff -Naur squid-3.0.STABLE24.original/src/cf.data.pre squid-3.0.STABLE24/src/cf.data.pre
--- squid-3.0.STABLE24.original/src/cf.data.pre	2010-02-12 09:23:17.000000000 -0430
+++ squid-3.0.STABLE24/src/cf.data.pre	2010-03-17 09:09:05.345201659 -0430
@@ -62,6 +62,17 @@
   configuration files.
 COMMENT_END
 
+NAME: forward_authenticated_user
+COMMENT: on|off
+TYPE: onoff
+DEFAULT: off
+LOC: opt_forward_authenticated_user
+DOC_START
+	If set, Squid will include the authenticated user on every HTTP request
+	on the header X-Authenticated-User
+DOC_END
+
+
 COMMENT_START
  OPTIONS FOR AUTHENTICATION
  -----------------------------------------------------------------------------
diff -Naur squid-3.0.STABLE24.original/src/globals.h squid-3.0.STABLE24/src/globals.h
--- squid-3.0.STABLE24.original/src/globals.h	2010-02-12 09:23:18.000000000 -0430
+++ squid-3.0.STABLE24/src/globals.h	2010-03-17 09:11:07.784077767 -0430
@@ -87,6 +87,7 @@
     extern int opt_dns_tests;	/* 1 */
     extern int opt_foreground_rebuild;	/* 0 */
     extern int opt_forwarded_for;	/* 1 */
+    extern int opt_forward_authenticated_user;    /* 0 */
     extern int opt_reload_hit_only;	/* 0 */
 #if HAVE_SYSLOG
 
diff -Naur squid-3.0.STABLE24.original/src/http.cc squid-3.0.STABLE24/src/http.cc
--- squid-3.0.STABLE24.original/src/http.cc	2010-02-12 09:23:18.000000000 -0430
+++ squid-3.0.STABLE24/src/http.cc	2010-03-17 09:46:30.523077910 -0430
@@ -1416,6 +1416,16 @@
 
     strFwd.clean();
 
+    /* append X-Authenticated-User if allowed to forward and not already added */
+    if (opt_forward_authenticated_user && !hdr_out->has(HDR_X_AUTHENTICATED_USER)
+        && orig_request->auth_user_request != NULL) {
+        hdr_out->putStr(HDR_X_AUTHENTICATED_USER, orig_request->auth_user_request->username());
+    }
+    /* remove X-Authenticated-User if not allowed to forward */
+    if (!opt_forward_authenticated_user && hdr_out->has(HDR_X_AUTHENTICATED_USER)) {
+        hdr_out->delById(HDR_X_AUTHENTICATED_USER);
+    }
+
     /* append Host if not there already */
     if (!hdr_out->has(HDR_HOST)) {
         if (orig_request->peer_domain) {
diff -Naur squid-3.0.STABLE24.original/src/HttpHeader.cc squid-3.0.STABLE24/src/HttpHeader.cc
--- squid-3.0.STABLE24.original/src/HttpHeader.cc	2010-02-12 09:23:15.000000000 -0430
+++ squid-3.0.STABLE24/src/HttpHeader.cc	2010-03-16 10:51:46.404156357 -0430
@@ -138,6 +138,7 @@
         {"X-Forwarded-For", HDR_X_FORWARDED_FOR, ftStr},
         {"X-Request-URI", HDR_X_REQUEST_URI, ftStr},
         {"X-Squid-Error", HDR_X_SQUID_ERROR, ftStr},
+        {"X-Authenticated-User", HDR_X_AUTHENTICATED_USER, ftStr},
         {"Negotiate", HDR_NEGOTIATE, ftStr},
 #if X_ACCELERATOR_VARY
         {"X-Accelerator-Vary", HDR_X_ACCELERATOR_VARY, ftStr},
diff -Naur squid-3.0.STABLE24.original/src/HttpHeader.h squid-3.0.STABLE24/src/HttpHeader.h
--- squid-3.0.STABLE24.original/src/HttpHeader.h	2010-02-12 09:23:15.000000000 -0430
+++ squid-3.0.STABLE24/src/HttpHeader.h	2010-03-16 10:51:18.014156130 -0430
@@ -112,6 +112,7 @@
     HDR_X_FORWARDED_FOR,
     HDR_X_REQUEST_URI,		/* appended if ADD_X_REQUEST_URI is #defined */
     HDR_X_SQUID_ERROR,
+    HDR_X_AUTHENTICATED_USER,
     HDR_NEGOTIATE,
 #if X_ACCELERATOR_VARY
     HDR_X_ACCELERATOR_VARY,