How User Rights Are Granted
Users are granted authorization by ACLs according to the following rules:
1. If you do not specify any ACL (user ACL or authenticator ACL), all users are granted full permissions.
2. If you specify only the authenticator ACL:
For basic authentication, a user will be granted access if one the alias configured in basicauth.cfg file authenticates the user, and this alias is listed in the authenticator ACL.
For SSL, a user will be granted access if the SSL certificate of the user is certified by one of the authenticators listed in the authenticator ACL.
3. If you specify only the user ACL:
For basic authentication, a user will be granted access only if the user’s name is listed in the user ACL.
For SSL, a user will be granted access only if the user's DN is listed in the user ACL.
4. If you specify both user ACL and authenticator ACL:
For basic authentication, only users with both user name and authenticator alias listed in the respective ACLs will be granted access.
For SSL, only users with both the user's DN and its SSL certification authority listed in the respective ACLs will be granted access.