It is difficult to give a good answer to questions like this one. I would suggest thinking on major objectives first and then plan your deployment on tour own.
I learned Sun ONE DS offers many things oldap doesn't yet have. It is specially so if you have more then few Solaris machines. You could go with SEAM/Ldap config which means native Solaris client and I think it is much more secure then what Padl offers. You could have full unix SSO and Samba connectivity at the same time. Moreover you can ditch Microsoft AD completely which would lessen the burden factor significantly and would make it much more secure. The same allies to NIS. You can also choose Directory Server on it's own which works great for samba but will not give SSO. But you wouldn't have to configure GSS-API on Solaris. You would also want SSL client config instead of SASL. There's always some confusion when choosing authentication and authorization processes in a mixed environment. I think choosing SEAM (which is MIT Kerberos 1.3.1) for the former and DS 5.2 for the latter is the most mature solution for Solaris now. Solaris 9, of course ;-) HTH, -- Michal Kurowski perl -e '$_=q#: 13_2: 12/o{>: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#; y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print' -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba