I was able to authenticate to the REST service and call getUserID, but when calling other methods such as getItem or getObjectRepresentations, I got a 401 Access denied error.
I found that ca_users.canAccess(...) was returning false because there was no user ID. There was no user ID because the AppController constructor sets 'no_authentication' to 'true'. In this case, RequestHTTP simply creates a new ca_users object without authenticating, hence no user ID.
Changing the 'no_authentication' option to 'false' fixes the issue for me, and I'm able to call the other REST API methods.
Centos 5.5, PHP 5.1.6