A company wants to set up single sign-on (SSO) without passing credentials through to each piec Which protocol would meet this requirement? Kerberos OAuth VIDN

To implement Single Sign-On (SSO) without passing user credentials to each application, **Kerberos** is the most suitable protocol among the options provided. ### **Why Kerberos?** 1. **Ticket-Based Authentication:** - **Kerberos** operates using a ticketing system where a **Ticket Granting Ticket (TGT)** is issued after the initial authentication. This TGT can then be used to obtain service-specific tickets without re-entering credentials. 2. **Secure Credential Handling:** - It ensures that user credentials (like passwords) are never sent over the network after the initial authentication, reducing the risk of interception. 3. **Mutual Authentication:** - Both the user and the service verify each other's identities, enhancing security. 4. **Widely Supported in Enterprise Environments:** - Kerberos is extensively used in Windows-based environments and is supported by many enterprise applications for SSO. ### **Why Not OAuth or VIDN?** - **OAuth:** - Primarily designed for **authorization** rather than authentication. While OAuth can be part of an SSO solution, it typically requires additional protocols (like OpenID Connect) for authentication purposes. - **VIDN:** - It appears there might be a typo or misunderstanding regarding "VIDN," as it is not a recognized standard protocol in the context of SSO. ### **Conclusion** For an organization seeking to implement SSO without passing credentials to each application, **Kerberos** stands out as the appropriate and secure choice among the listed options. **Answer:** Kerberos is the protocol that best meets the single sign-on requirements described.