diff --git a/group_vars/acng.yml b/group_vars/acng.yml
index de7839a7..b7e2c389 100644
--- a/group_vars/acng.yml
+++ b/group_vars/acng.yml
@@ -13,3 +13,5 @@
   ### mgrote.acng
   acng_server_port: 9999
   acng_server_exthreshold: "60" #hebt Pakete 60 Tage auf
+  acng_server_auth_user: acngadmin
+  acng_server_auth_pass: "{{ lookup('keepass', 'acng_webinterface', 'password' }}"
diff --git a/keepass_db.kdbx b/keepass_db.kdbx
index 97244adf..c1d64bd2 100644
Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ
diff --git a/roles/mgrote.acng/defaults/main.yml b/roles/mgrote.acng/defaults/main.yml
index 0acfe2a4..ac1e0e2d 100644
--- a/roles/mgrote.acng/defaults/main.yml
+++ b/roles/mgrote.acng/defaults/main.yml
@@ -1,3 +1,6 @@
 ---
-  acng_server_exthreshold: "60"
-  acng_server_port: 9999
+  acng_exthreshold: "60"
+  acng_server_port: "9999"
+  acng_security_conf_path: "/etc/apt-cacher-ng/security.conf"
+  acng_server_auth_user: acngadmin
+  acng_server_auth_pass: klauspeter
diff --git a/roles/mgrote.acng/tasks/main.yml b/roles/mgrote.acng/tasks/main.yml
index 29c8f6d0..a577ad92 100644
--- a/roles/mgrote.acng/tasks/main.yml
+++ b/roles/mgrote.acng/tasks/main.yml
@@ -12,3 +12,11 @@
       dest: "/etc/apt-cacher-ng/acng.conf"
       mode: 0664
     notify: acng_starten_aktivieren
+
+  - name: templating security.conf
+    become: yes
+    ansible.builtin.template:
+      src: "security.conf"
+      dest: "{{ acng_security_conf_path }}"
+      mode: 0640
+    notify: acng_starten_aktivieren
diff --git a/roles/mgrote.acng/templates/security.conf b/roles/mgrote.acng/templates/security.conf
new file mode 100644
index 00000000..4f395c39
--- /dev/null
+++ b/roles/mgrote.acng/templates/security.conf
@@ -0,0 +1,10 @@
+# This file contains confidential data and should be protected with file
+# permissions from being read by untrusted users.
+#
+# NOTE: permissions are fixated with dpkg-statoverride on Debian systems.
+# Read its manual page for details.
+
+# Basic authentication with username and password, required to
+# visit pages with administrative functionality. Format: username:password
+
+AdminAuth: {{ acng_server_auth_user }}:{{ acng_server_auth_pass }}