SSO is a property of an authentication scheme. You can use more than one method to set up SSO. For example:
- If you’re using Kerberos, you can use either the kerberos authentication subsystem, or the external authentication subsystem with a proxy that handles Kerberos authentication.
- If you’re using CAS, you must use the external authentication subsystem with a proxy that handles CAS authentication.
In summary, external authentication and SSO are not interdependent: you can set up external authentication that is not SSO (for example, using an Apache proxy with a mod_auth_basic setting), and you can set up an SSO system that is not using the external authentication subsystem (for example, using the kerberos authentication subsystem).
See Authentication subsystem types for a listing of the authentication subsystems and the features that they support.