diff --git a/config.json b/config.json
index 3c48685..6bc14d1 100644
--- a/config.json
+++ b/config.json
@@ -3,7 +3,6 @@
     "method": "none",
     "password": "password",
     "tunnel_path": "/secret-tunnel-path/",
-
     "server_settings": {
         "disable_tls": false,
         "manage_clients": {
@@ -19,7 +18,6 @@
         "listen_host": "0.0.0.0",
         "listen_port": 443
     },
-
     "client_settings": {
         "disable_tls": false,
         "client_id": "33959370-71e0-401d-9746-cda471fc5926",
@@ -27,6 +25,8 @@
         "server_port": 443,
         "server_domain": "example.com",
         "cafile": "",
+        "listen_user": "",
+        "listen_password": "",
         "listen_host": "127.0.0.1",
         "listen_port": 1080
     }
diff --git a/src/client.rs b/src/client.rs
index 0eaa1c1..05aa06f 100644
--- a/src/client.rs
+++ b/src/client.rs
@@ -10,7 +10,11 @@ use bytes::BytesMut;
 use futures_util::{SinkExt, StreamExt};
 use socks5_impl::{
     protocol::{Address, Reply},
-    server::{auth::NoAuth, connection::connect::NeedReply, ClientConnection, Connect, IncomingConnection, Server},
+    server::{
+        auth::{NoAuth, UserKeyAuth},
+        connection::connect::NeedReply,
+        AuthAdaptor, ClientConnection, Connect, IncomingConnection, Server,
+    },
 };
 use std::{
     net::SocketAddr,
@@ -42,9 +46,28 @@ where
     log::trace!("with following settings:");
     log::trace!("{}", serde_json::to_string_pretty(config)?);
 
+    let client = config.client.as_ref().ok_or("client")?;
+
+    let listen_user = client.listen_user.as_deref().filter(|s| !s.is_empty());
+    if let Some(user) = listen_user {
+        let listen_password = client.listen_password.as_deref().unwrap_or("");
+        let key = UserKeyAuth::new(user, listen_password);
+        _run_client(config, Arc::new(key), exiting_flag, callback).await?;
+    } else {
+        _run_client(config, Arc::new(NoAuth), exiting_flag, callback).await?;
+    }
+    Ok(())
+}
+
+async fn _run_client<F, O>(config: &Config, auth: AuthAdaptor<O>, exiting_flag: Option<Arc<AtomicBool>>, callback: Option<F>) -> Result<()>
+where
+    F: FnOnce(SocketAddr) + Send + Sync + 'static,
+    O: Send + Sync + 'static,
+{
     let client = config.client.as_ref().ok_or("client")?;
     let addr = SocketAddr::new(client.listen_host.parse()?, client.listen_port);
-    let server = Server::bind(addr, std::sync::Arc::new(NoAuth)).await?;
+
+    let server = Server::<O>::bind(addr, auth).await?;
 
     if let Some(callback) = callback {
         callback(server.local_addr()?);
diff --git a/src/config.rs b/src/config.rs
index eeeedba..8280545 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -52,6 +52,8 @@ pub struct Client {
     pub cafile: Option<PathBuf>,
     pub listen_host: String,
     pub listen_port: u16,
+    pub listen_user: Option<String>,
+    pub listen_password: Option<String>,
     #[serde(skip)]
     pub cache_dns: bool,
 }