Kerberos, by design, focuses on authentication only. It provides the user’s principal and is not managing user groups.
For managing the authorization (fine-grained permissions) of users:
1. First, create permissions for a group of users
In the above example, we are creating 2 x new user groups for development and devops, their associated data and application security and any self-service admin-level capabilities.
2. Then add users to groups:
In the above example, we are adding the user with the principal in the format username@REALM as a member of the DevOps group.
username@REALM
DevOps
3. That’s it.
Now you have fine-grain permissions on groups of users via Kerberos authentication.
For automation use the APIs or the CLI for GitOps.
On this page
