This paper researches existing popular Single Sign-On model and Kerberos authentication protocol, and discusses the limits of Kerberos protocol in symmetric key technology, improves Kerberos protocol with the public key technology. Then it designs and realizes the agent-based single sign-on system, and by the second ticket method, ensures the safety of the SSO system. Meanwhile, the program has better performance in implementation, operating and management.