Research Of A Single Sign-on Technique Based On Improved Kerberos Protocol

With the rapid development of information process, the enterprise has developedin the form of all sorts of different periods of business application systems. Theseindependent business application systems has its own different authentication andauthorization modules, so in actual use for different applications require access tomultiple users of the system has brought no small trouble, but also increased the riskof the user password is lost. In this case, the development of a way to let users log inonly once they can access all authorized applications system technology it has becomeimminent, single sign-on technology in this context came into being.In this paper, an enterprise resource management system portal singlesign-demand, on the portal once the user authentication, you can then access all thebusiness license application system resources. Single Sign emphatically analyzed andrelated technologies, explains the existence of the Kerberos protocol security risks anddrawbacks, and in the traditional Kerberos protocol is proposed based on an improvedversion of the Kerberos single sign-on model. Improved Kerberos protocol model byadding two-factor authentication and lightweight paper technology, greatly improvesthe security of the system.According to the actual needs of the modern enterprise, this paper improved theKerberos protocol based on the model, the design of a single sign-on system, thesystem’s main functions are as follows:①unified authentication.②centralized authorization.③user management.④Application Management.Based on the J2EE platform achieved the system. System through theestablishment of CA is responsible for issuing digital certificates for user and public/private key pair generation, while the user’s digital certificate and private key storedin the user USBKey held, the user copy of the digital certificate stored in the system’sLDAP directory server in; system through the Web Service interface provided forunified authentication.Through testing, the system can meet the actual needs of enterprises is to achievesingle sign of a more excellent solution.