Pass your certification exam. Faster. Guaranteed.

Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.


Comprehensive practice exam engine!

  • Unlimited access to thousands of practice questions
  • Exam readiness score
  • Smart reinforcement


All features in the FREE plan, plus:

  • Focused training ensures 100% exam readiness
  • Personalized learning plan
  • Align exam engine to your current baseline knowledge
  • Eliminate wasted study time
  • Exam pass guarantee
  • And much more

Single Sign On Transcription

Welcome to our single sign-on technology module. In this module, we will discuss Kerberos single sign-on technology and we will also discuss SESAME single sign on technology. Kerberos single sign on technology is a secure protocol which allows authentication in client server network environments. This is used in Microsoft Windows servers domain controller to provide authentication.

It uses symmetric encryption and the user is able to authenticate to the network using different credential options such as a user name and password. A private key, smart card, biometrics or perhaps a combination of these methods for multifactor authentication. Once the user's authenticated into a system, they're provided with the ability to access several different systems and we call this single sign-on because the user only logs in to one system.

But then they're provided access to many different resources or systems. With Kerberos technology, messages are protected against eavesdropping and replay attacks. Here we will look at the steps involved in Kerberos authentication. First step, when a user attempts to access a service is that an authentication server request is sent requesting a ticket-granting ticket or TGT.

The authentication server replies, issuing a ticket-granting ticket. Next, a ticket-granting server request is sent with the ticket-granting ticket, asking for a ticket for service A. The ticket-granting server then replies, issuing a ticket for service A. An application request then occurs, where the ticket that was issued is then sent to service A.

And an application reply then occurs, which ultimately grants access to the user since they have been authenticated. Here we see some of the components that make Kerberos work. Kerberos uses a key distribution center or KDC. This is a service that holds and manages all of the users and services, credentials, and keys.

It's used to provide secure authentication to entities, we call these principles, and these can be users, applications or services. And it can also provide security services for these principles in an area we call a realm. Our authentication server does certificate based authentication but it doesn't provide credential tickets.

User credentials could be stored here but generally this works with Active Directory database, and that's where the user's credentials are stored. The authentication service will authorize users to request tickets. The ticket granting service is what is used to issue the tickets to authenticated users. So once the credentials have been verified a ticket is provided, it is time stamped and it will expire after a few hours. Secret and session keys are used to secure the transmissions between the user and the ticket- granting service. And the ticket is shown by a subject to an object that they're trying to access within their realm, in order to request access. SESAME, or the Secure European System for Applications in a Multi-Vendor Environment was designed as a improvement for Kerberos.

It uses public key cryptography to distribute secret keys. This will help to reduce key management overhead and it uses symmetric keys to encrypt and decrypt data for efficiency. It has more access control features than Kerberos and also is easier to manage and it uses two types of certificates.

One is used to authenticate the subject and the other contains the subjects access privileges. And just like Kerberos, it is vulnerable to impersonation attacks and password guessing. This is why it's important to have your users utilize strong passwords and also require them to change their passwords frequently. This concludes our single sign-on technology module.

Thank you for watching.

Included in all plans.

1000's of practice test questions

Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.

Exam Readiness Score

Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.

Smart Reinforcement

Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.

THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!

PRO Membership Benefits.

Personalized Learning Plan

Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.

Exam Pass Guarantee

Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.

Eliminate Wasted Study Time

Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.

Coming Soon - Simulated Exam

More PRO benefits are being built all the time!