You can synchronize the configuration of key functions, such as EIM and Kerberos, across a group of endpoint systems.
You select a model endpoint system and a set of target endpoint systems, and then use the Synchronize Functions wizard to duplicate the model system's Kerberos or EIM configurations (or both) on the specified target systems. Synchronizing these functions from the model system saves you time by eliminating the task of individually configuring each function on each target system. Synchronizing your EIM configurations allows you to create EIM associations between user identities within your network. This in turn allows a user who has different profiles on different systems to work with distributed applications that use Kerberos authentication without having to sign on to each of these systems individually.
For example, John Smith may be JSMITH on system CHICAGO1, JOHNSMITH on system DETROIT1, and JRSMITH on system DENVER. If EIM and Kerberos are configured on all three systems, and all three profiles are associated with the same EIM identifier, John Smith can use Management Central to manage these V5R3 systems. For example, he can run commands on these systems, and monitor performance, jobs, and other resources on these systems. John Smith can also access other services and applications that use EIM and Kerberos authentication without the need for multiple passwords to these different systems across the enterprise.
Using Kerberos and EIM together in this way is referred to as single signon because it eliminates the need to provide multiple user names and passwords for distributed applications. Single signon benefits users, administrators, and application developers by enabling an easier password management system across multiple platforms without the need to change underlying security policies. See Single signon for details on how to enable single signon by using network authentication service and Enterprise Identity Mapping (EIM).