In the Testing the Kerberos login against management interfaces section, we discussed how to secure the management interfaces using the Kerberos ticketing system.

If you don't need that level of complexity in your infrastructure, but you still want to provide an adequate level of security, the recommended approach is to use a directory service. The directory service can be used both for authenticating the user and for granting a role to the user. If your management users will be all SuperUsers then it's enough to configure just the authentication layer. On the other hand, if you want to apply Role-Based Access Control (RBAC) on your management users then you have to configure the authorization part. ...