You may be interested in introducing authorization based on AD groups. AFAIK, there is no Kerberos support for this scenario. However, you can use LDAP with Active Directory (See a previous blog entry about LDAP based AD authentication):
AuthLDAPURL "ldap://dc1.domain.com:3268 dc2.domain.com:3268/dc=domain,dc=com?userPrincipalName?sub" NONE
require ldap-group CN=Nagios Users,OU=Users,DC=domain,DC=com
dc1.domain.com and dc2.domain.com are two domain controllers serving your AD domain,
firstname.lastname@example.org is the user for LDAP lookup (It has been used before for Kerberos keytab file generation)
password is the password belonging to aduser,
CN=Nagios Users,OU=Users,DC=domain,DC=com is the distinguished name of the AD group for authorization, meaning that members of that group can access Nagios.