Sun Java System Web Server 6.1 SP11 Administrator's Guide

Authentication Methods

ACLs can optionally specify the authentication method the server must use when processing the ACL. There are three general methods: basic, digest, and SSL.

Basic and digest require users to enter a username and password before accessing a resource.

SSL requires the user to have a client certificate. The web server must have encryption turned on, and the issuer of the user’s certificate must be in the list of trusted CAs for the user to be authenticated.

By default, the server uses the Basic method for any ACL that doesn’t specify a method. Your server’s authentication database must be able to handle digest authentication sent by a user.

Each authenticate line must specify which attribute (users, groups, or both users and groups) the server authenticates. The following authentication statement, which would appear after the ACL type line, specifies basic authentication with users matched to individual users in the database or directory:

authenticate (user) { method = "basic"; };

The following example uses SSL as the authentication method for users and groups:

authenticate (user, group) { method = "ssl"; };

The following example allows any user whose username begins with the letters sales:

authenticate (user)
allow (all)
user = sales*

If the last line were changed to group = sales, the ACL would fail because the group attribute is not authenticated.
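The two rules above (an unspecified method falls back to basic, and an access line may only test an attribute that the authenticate line covers) can be checked before an ACL is deployed. The following is an added example, not code from the guide or from the server: check_acl is a hypothetical helper, its regular expressions are a simplified assumption that covers only the statement shapes shown on this page (plus deny lines), and the sample ACLs are constructed from the guide's examples.

```python
import re

# Simplified patterns (assumption): only the statement shapes shown in the guide.
AUTH_RE = re.compile(r'authenticate\s*\(([^)]*)\)\s*(?:\{([^}]*)\}\s*;?)?', re.I)
METHOD_RE = re.compile(r'method\s*=\s*"?(\w+)"?', re.I)
RULE_RE = re.compile(
    r'\b(allow|deny)\s*\(([^)]*)\)\s*(user|group)\s*=\s*"?([^";\s]+)"?', re.I)


def check_acl(text):
    """Return (effective_method, findings) for the statements of one ACL."""
    # Tolerate typographic quotes pasted from formatted documentation.
    text = text.replace('\u201c', '"').replace('\u201d', '"')
    auth = AUTH_RE.search(text)
    if auth is None:
        return None, ['no authenticate statement found']
    attrs = {a.strip().lower() for a in auth.group(1).split(',') if a.strip()}
    findings = []
    method = METHOD_RE.search(auth.group(2) or '')
    if method:
        effective = method.group(1).lower()
    else:
        effective = 'basic'  # default stated in the guide
        findings.append('no method specified: server falls back to basic')
    # Every attribute tested by an allow/deny line must have been authenticated.
    for rule in RULE_RE.finditer(text, auth.end()):
        verb, _rights, attr, value = rule.groups()
        if attr.lower() not in attrs:
            findings.append(f'{verb.lower()} tests {attr.lower()} = {value} '
                            f'but {attr.lower()} is not authenticated')
    return effective, findings


# Constructed inputs based on the guide's examples.
PAGE_EXAMPLE = 'authenticate (user)\nallow (all)\nuser = sales*\n'
GROUP_VARIANT = 'authenticate (user)\nallow (all)\ngroup = sales\n'
SSL_BOTH = 'authenticate (user, group) { method = "ssl"; };\nallow (all)\ngroup = sales\n'

if __name__ == '__main__':
    for name, acl in [('page example', PAGE_EXAMPLE),
                      ('group variant', GROUP_VARIANT),
                      ('ssl, user+group', SSL_BOTH)]:
        print(name, '->', check_acl(acl))
```

The group variant is reported because its authenticate line covers only user, which is the failure described above; the same access line passes once the authenticate line lists both user and group.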