中文摘要：

Kerberos协议是近年来广泛应用的身份认证协议之一,但是Kerberos协议的研究主要集中在身份认证部分,并未提供授权管理。这里在对Kerberos协议的基本原理及安全性进行分析的基础上,提出一种基于EAP和XACML授权框架的Kerberos认证授权模型,最后对此模型的认证授权能力进行分析。

英文摘要：

Kerberos protocol is one of the widely-used identity authentication protocols in current years. However,Kerberosprotocol focuses attention on identity authentication,but does not provide authorization management. The Kerberos authentica-tion and authorization model based on EAP（extensible authentication protocol）and XACML authorization framework is proposedin this paper on the basis of analysis on the basic principles of Kerberos protocol and safety. The authentication and authoriza-tion capability of this model is analyzed.