Sun Java System Web Proxy Server 4.0.3 2006Q2 Administration Guide

Authentication Statements

ACLs can optionally specify the authentication method the server must use when processing the ACL. There are three general methods: Basic, Digest, and SSL.

The Basic and Digest methods require the user to enter a user name and password before accessing a resource.

The SSL method requires the user to have a client certificate. For the user to be authenticated, encryption must be turned on for the Proxy Server, and the issuer of the user’s certificate must be in the list of trusted CAs.

By default, the server uses the Basic method for any ACL that does not specify a method. To use the Digest method, your server’s authentication database must support Digest authentication.

Each authenticate line must specify which attribute (users, groups, or both users and groups) the server authenticates. The following authentication statement, which would appear after the ACL type line, specifies Basic authentication with users matched to individual users in the database or directory:

authenticate(user) { method = "basic";};

The following example uses SSL as the authentication method for users and groups:

authenticate(user, group) { method = "ssl";};

The following example allows any user whose user name begins with the word sales:

allow (all) user = "sales*";

If the last line is changed to group = sales, then the ACL would fail because the group attribute is not authenticated.
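The failure described above can be caught before an ACL file is deployed. The following checker is an added example, not part of the original guide or of Proxy Server itself: it assumes the allow line is paired with the authenticate(user) statement shown earlier, recognises only the statement forms that appear on this page, and the function name lint_acl and the sample ACL fragments are constructed for illustration.

```python
import re

# Constructed ACL fragments built only from the statement forms shown above.
FAILING_ACL = '''authenticate(user) { method = "basic";};
allow (all) group = "sales";'''
WORKING_ACL = '''authenticate(user, group) { method = "ssl";};
allow (all) group = "sales";'''

AUTH_RE = re.compile(r'authenticate\s*\(([^)]*)\)\s*\{([^}]*)\}\s*;')
RULE_RE = re.compile(r'\b(allow|deny)\s*\([^)]*\)([^;]*);')
METHOD_RE = re.compile(r'method\s*=\s*"([^"]*)"')
ATTR_RE = re.compile(r'\b(user|group)\s*=')
METHODS = {"basic", "digest", "ssl"}


def lint_acl(text):
    """Return (severity, message) findings for one ACL body (hypothetical helper)."""
    findings = []
    authenticated = set()  # attributes covered by the latest authenticate line
    events = [(m.start(), "auth", m) for m in AUTH_RE.finditer(text)]
    events += [(m.start(), "rule", m) for m in RULE_RE.finditer(text)]
    for _, kind, m in sorted(events, key=lambda e: e[0]):
        if kind == "auth":
            authenticated = {a.strip() for a in m.group(1).split(",") if a.strip()}
            method = METHOD_RE.search(m.group(2))
            if method is None:
                findings.append(("warn", "no method given, server defaults to basic"))
            elif method.group(1).lower() not in METHODS:
                findings.append(("error", f"unknown method {method.group(1)!r}"))
            continue
        # Blank out quoted values so text such as "group = x" inside a pattern
        # is not mistaken for an attribute reference.
        expr = re.sub(r'"[^"]*"', '""', m.group(2))
        for attr in ATTR_RE.findall(expr):
            if attr not in authenticated:
                findings.append(("error", f"{m.group(1)} rule tests '{attr}' "
                                          f"but authenticate() does not list it"))
    return findings


if __name__ == "__main__":
    for name, acl in (("failing", FAILING_ACL), ("working", WORKING_ACL)):
        print(name, lint_acl(acl) or "ok")
```

The checker also warns when an authenticate statement omits the method, because the server then falls back to Basic as described above.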