Regarding James' question:
So without a third-party solution, you cannot use AD Authentication?
HP offers several solutions:
1. Use Advanced Server for OpenVMS to provide NTLM authentication for ExtAuth users. Using Advanced Server for ExtAuth involves no cost - it's absolutely free. But Advanced Server doesn't run on Itanium systems.
However, if an Itanium system is in a cluster with an Alpha running Advanced Server, the Itanium system can send the ExtAuth requests to the Alpha for processing (the necessary IA64 ACME modules are in sys$library: on the Alpha and the command procedure to load the acme modules on the itanium is in sys$startup: on the Alpha; these need to be copied to the Itanium and then the logical name PWRK$ACME_SERVER needs to be defined on the Itanium to the SCSNODE name of the Alpha(s)). See the release notes for Advanced Server v7.3B for more information.
2. Use LDAP. OpenVMS 8.3 (Alpha and Itanium) and later provide the ability (with the right kits installed ;o), to use LDAP for ExtAuth. Authentication can be directed to an Active Directory server or an HP Enterprise Directory server (and possible any of the Linux LDAP adaptations, though I'm not sure that's officially supported yet). See:
http://h71000.www7.hp.com/openvms/security.html#ldap3. Use Kerberos. See:
http://h71000.www7.hp.com/doc/83final/BA554_90008/ch02s09.html?jumpid=reg_R1002_USEN
