User/Groups with Kerberos
Kerberos, by design, focuses on authentication only. It provides the user’s principal and is not managing user groups.
For managing the authorization (fine-grained permissions) of users:
1. First, create permissions for a group of users
In the above example, we are creating 2 x new user groups for development and devops, their associated data and application security and any self-service admin-level capabilities.
2. Then add users to groups:
In the above example, we are adding the user with the principal in the format
username@REALM as a member
3. That’s it.
Now you have fine-grain permissions on groups of users via Kerberos authentication.