The zookeeper digest authentication and acl scheme needs a bit more documentation. Currently its documented in the programmer guide.
digest uses a username:password string to generate MD5 hash which is then used as an ACL ID identity. Authentication is done by sending the username:password in clear text. When used in the ACL the expression will be the username:base64 encoded SHA1 password digest.
however its actually the digest of the entire credential that needs to be used.
I've attached a python unit test that sets and verifies an acl on a node.