CAS (Central Authentication Service) is an open source single sign-on system that allows a user to log in once and gain access to multiple applications without re-authenticating. It acts as a central authentication system and proxy, allowing web applications to avoid directly handling user passwords. CAS provides authentication handlers for LDAP, Active Directory, Kerberos, and other systems. It also supports single sign-out, returning user attributes, clustering, and integrating with portals and other applications through proxy authentication.