User/Groups with Kerberos

Kerberos, by design, focuses on authentication only. It provides the user’s principal and is not managing user groups.

For managing the authorization (fine-grained permissions) of users:

1. First, create permissions for a group of users

Create user groups for Kerberos

In the above example, we are creating 2 x new user groups for development and devops, their associated data and application security and any self-service admin-level capabilities.

2. Then add users to groups:

Add new Kerberos users to

In the above example, we are adding the user with the principal in the format username@REALM as a member of the DevOps group.

3. That’s it.

Now you have fine-grain permissions on groups of users via Kerberos authentication.


For automation use the APIs or the CLI for GitOps.