I did some further research. And so i found out, that IMHO the checkmk documentation for kerberos configuration is incomplete. After reading https://docs.checkmk.com/latest/en/saml.html i added the following lines to the auth.conf. After a restart of the site the agent register is working.
...
# Use Kerberos auth only in case there is no Check_MK authentication
# cookie provided by the user
Require expr %{HTTP_COOKIE} =~ /auth_/
Require expr %{REQUEST_URI} = "/${SITE}/check_mk/register_agent.py"
Require expr %{REQUEST_URI} = '/${SITE}/check_mk/deploy_agent.py'
Require expr %{REQUEST_URI} = '/${SITE}/check_mk/run_cron.py'
Require expr %{REQUEST_URI} = '/${SITE}/check_mk/webapi.py'
Require expr %{REQUEST_URI} = '/${SITE}/check_mk/automation.py'
Require expr %{REQUEST_URI} -strmatch '/${SITE}/check_mk/api/*'
Require expr %{QUERY_STRING} =~ /(_secret=|auth_|register_agent)/
Require expr %{REQUEST_URI} =~ m#^/${SITE}/(omd/|check_mk/((images|themes)/.*\.(png|svg)|login\.py|.*\.(css|js)))#
Require valid-user
...