When you define your host security domain, a Windows NT group account is automatically created with the same name. User accounts are then added to the group to specify them as members of the host security domain. Once a host security domain is defined, two types of password synchronization options are available to you:
You can specify each of these options for the user name and for the password of a user account. For example, you can choose to map the user names but replicate passwords across the different security domains. This allows you to have the same password but different user names on the different systems in the host security domain.
Once defined, host connections are assigned to the domain. SNA Server uses the assignment to look up the host mapping for a Windows NT user based on the session that he or she is trying to open. A defined host connection can only be assigned to one security domain at a time.
After the connections are assigned to a host security domain, you can add users to the security domain by adding user accounts to the Windows NT group account created earlier. For each account associated with the host security domain, you can enable password synchronization options and automated logon features commonly referred to as Single Sign-On (SSO) services. SSO allows users to log on to their host account automatically if they are already logged onto their Windows NT domain account.
If you are planning to map user names, the initial mapping of host user names to Windows NT domain user names is performed and stored in the Host Account Cache.