Single sign-on (SSO) is an attempt to address a problem common to all users and administrators. The various systems within an organization often require the user to log on multiple times, and each system may require a different username and password combination. Most of us tire of trying to remember all this information and begin to look for shortcuts. The most common is simply to write the information down. Walk around your office, and you might see that many of your co-workers have adopted the same practice.

Single sign-on is designed to address this problem by permitting users to authenticate once to a single authentication authority and then access all other protected resources without reauthenticating. Before you run out and decide to implement single sign-on at your organization, you should be aware that it is expensive, and that if an attacker can gain entry, that person then has access to everything.

Kerberos, SESAME, KryptoKnight (by IBM), and NetSP (a KryptoKnight derivative) are authentication server systems with operational modes that can implement single sign-on.

Advantages of SSO:

- SSO provides a more efficient user logon process
- Users can create one stronger password to remember
- Inactivity timeouts and attempt thresholds (clipping levels) are enforced closer to the entry point, rather than in the applications
- Network accounts can be created, and the accounts of terminated users disabled, effectively from a centralized database and one user interface

Disadvantages of SSO:

- A compromised user ID and password is a license to all system resources that the user is privileged to access
- Implementation is not an easy task
- Administration of SSO is much more complex
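
The points above can be seen together in a small model of a single authentication authority. This is an added example, not part of the original notes: the class names, the clipping level of 3 and the 900-second inactivity timeout are assumptions chosen for illustration. It shows one logon opening every resource, the threshold and timeout enforced at the entry point, and one central disable cutting off access everywhere.

```python
import hashlib, hmac, secrets

CLIPPING_LEVEL = 3        # assumed: failed attempts tolerated before lockout
INACTIVITY_TIMEOUT = 900  # assumed: idle seconds before a session expires

class AuthAuthority:
    """The single authentication authority every protected resource defers to."""
    def __init__(self):
        self.accounts = {}  # user -> salt, hash, failures, disabled
        self.sessions = {}  # token -> user, last_seen

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def create_account(self, user, password):
        salt = secrets.token_bytes(16)
        self.accounts[user] = {"salt": salt, "hash": self._hash(password, salt),
                               "failures": 0, "disabled": False}

    def disable_account(self, user):
        # One central action: block new logons and revoke live sessions.
        self.accounts[user]["disabled"] = True
        self.sessions = {t: s for t, s in self.sessions.items() if s["user"] != user}

    def login(self, user, password, now):
        acct = self.accounts.get(user)
        if acct is None or acct["disabled"] or acct["failures"] >= CLIPPING_LEVEL:
            return None  # unknown, disabled, or past the clipping level
        if not hmac.compare_digest(acct["hash"], self._hash(password, acct["salt"])):
            acct["failures"] += 1
            return None
        acct["failures"] = 0
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": user, "last_seen": now}
        return token

    def validate(self, token, now):
        session = self.sessions.get(token)
        if session is None:
            return None
        if now - session["last_seen"] > INACTIVITY_TIMEOUT:
            del self.sessions[token]  # idle too long: expire for all resources
            return None
        session["last_seen"] = now
        return session["user"]

class Resource:
    """A protected system that holds no passwords; it asks the authority."""
    def __init__(self, name, authority):
        self.name, self.authority = name, authority

    def access(self, token, now):
        user = self.authority.validate(token, now)
        return f"{self.name}: granted to {user}" if user else f"{self.name}: denied"
```

Because every `Resource` accepts the same token, whoever holds a valid token (or the password that yields one) reaches all of them, which is the first disadvantage listed above.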

**Source: Wikipedia**