Zend_Auth will handle most of the authentication for you. Use something along

$auth = Zend_Auth::getInstance();
if (!$auth->hasIdentity()) {
    //call a custom login action helper to try login with GET-params
}
if ($auth->hasIdentity())
    $identity = $auth->getIdentity(); 
    //...
}

Now you can determine the Zend_Acl_Role based on the identity. I always create a new role for each user and let this role ‘inherit’ all generic roles that the user actually has.

// specific user with $identity is given the generic roles staff and marketing
$acl->addRole(new Zend_Acl_Role('user'.$identity), array('staff', 'marketing'));

Of course you can retrieve the array of roles from a database. Then you have to specify the rights of each role. You can hard code that or save these information in a database as well.

$acl->allow('marketing',
        array('newsletter', 'latest'),
        array('publish', 'archive'));

In your controller you can now check

$acl->isAllowed('user'.$identity, Zend_Acl_Resource ...)

If you have a more complex access control where the rights depend on the information inside some classes (probably MCV models), have these classes implement the Zend_Acl_Resource_Interface. Then you use this class as a parameter of a Zend_Acl_Assertion and handle the information there.