Role Based Access Control how-to with Kerberos and JAAS?

[bauhaus9]

All,
   I can successfully use JAAS against a Kerberos KDC to authenticate 
principals, but is there a way to define both users and groups to which 
those users belong in Kerberos such that when a user (bob) authenticates 
successfully, it returns all of the principals for "bob" like "manager, 
user" so that I can set my Java Policy file at a higher level of 
granularity than the individual user.  It is not obvious to me how to do 
that with the kerberos admin commands.

Is it possible?

bauhaus9