Single Sign-On and Kerberos

Kerberos is the most common “single sign-on” technology
Relies on reusable passwords...
Proposal for OTP support not yet standard
Could “roll your own” by GPG signing a timestamped message from authentication server indicating user and possibly IP address...
Modify SSH to allow custom “token” to be authenticated by checking signature against known trusted authentication server public keys

Kerberos is the most common “single sign-on” technology