[Freeipa-users] How to set up kerberized web service with access control?

Hi folks, on RHEL8.0, we've set up a small cluster with a FreeIPA server and two clients, one running a browser (Firefox) and the other running a web server (tomcat). (IdM is still configured with the defaults.) Now, what is the proper way to tackle fine grained access control to the web service? We want to do something like the IdM server GUI, i.e. some users are authorized to use all the functions of the GUI, others are restricted to editing or viewing a limited set of pages, and others are locked out. So far I've looked into host based authentication, but that doen't seem to solve the task at hand. All access control should be done through Kerberos tickets. A pointer to related documentation would also help. Ciao Dominik ^_^ ^_^ -- Dominik Vogt