SSL requires the user to have a client certificate. The web server must have
encryption turned on, and the user's certificate issuer must be in the list of trusted
CAs to be authenticated.
By default, the server uses the Basic method for any ACL that doesn't specify a
method. Your server's authentication database must be able to handle digest
authentication sent by a user.
Each authenticate line must specify which attribute (users, groups, or both users and
groups) the server authenticates. The following authentication statement, which
would appear after the ACL type line, specifies basic authentication with users
matched to individual users in the database or directory:
authenticate (user) {
    method = "basic";
};
The following example uses SSL as the authentication method for users and
groups:
authenticate (user, group) {
    method = "ssl";
};
The following example allows any user whose username begins with the letters
sales:
authenticate (user)
allow (all)
user = sales*
If the last line was changed to group = sales, then the ACL would fail because the
group attribute is not authenticated.
Authorization Statements
Each ACL entry can include one or more authorization statements. Authorization
statements specify who is allowed or denied access to a server resource. Use the
following syntax when writing authorization statements:
allow|deny [absolute] (right[,right...]) attribute expression;
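The failure case described in this section, an authorization statement that tests group when the authenticate statement lists only user, can be caught before an ACL file is deployed. The following is an added example, not part of the original guide or of the server's tooling; the name lint_acl and the regex-based parsing are assumptions, and it handles only the attribute = value statement forms shown on this page.

```python
import re

# "authenticate (user, group)" -> captures the attribute list
AUTH_RE = re.compile(r"\bauthenticate\s*\(([^)]*)\)")
# "allow|deny [absolute] (right[,right...]) attribute = value"
AUTHZ_RE = re.compile(
    r"\b(allow|deny)\s+(?:absolute\s+)?\(([^)]*)\)\s*(\w+)\s*=\s*\"?([^\";\s]+)")
CHECKED = {"user", "group"}  # attributes an authenticate line can list

def lint_acl(text):
    """Flag authorization statements that test an attribute which the
    preceding authenticate statement did not list."""
    events = [(m.start(), "auth", m) for m in AUTH_RE.finditer(text)]
    events += [(m.start(), "authz", m) for m in AUTHZ_RE.finditer(text)]
    authenticated, findings = None, []
    for _, kind, m in sorted(events, key=lambda e: e[0]):
        if kind == "auth":
            authenticated = {a.strip() for a in m.group(1).split(",") if a.strip()}
        elif authenticated is not None:  # nothing to compare against before that
            verb, rights, attr, expr = m.groups()
            if attr in CHECKED and attr not in authenticated:
                findings.append(f"{verb} ({rights}) {attr} = {expr}: "
                                f"'{attr}' is not in the authenticate statement")
    return findings

# Constructed sample entries, written in the forms shown on this page.
OK_USER = "authenticate (user)\nallow (all)\nuser = sales*\n"
BAD_GROUP = "authenticate (user)\nallow (all)\ngroup = sales\n"
OK_BOTH = ('authenticate (user, group) {\nmethod = "ssl";\n};\n'
           "deny absolute (all) group = sales;\n")

if __name__ == "__main__":
    for name, acl in [("OK_USER", OK_USER), ("BAD_GROUP", BAD_GROUP),
                      ("OK_BOTH", OK_BOTH)]:
        print(name, lint_acl(acl) or "no findings")
```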
ACL File Syntax
Appendix C