Andy,
As you mentionned, you may consider using LDAP.
You need to have the ldapux package (/opt/ldapux) installed (reboot), or download it from HP site:
https://software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/try.pl?productNumber=J4269AA&date=1- First step would be to have a working ldap directory, download is free from iplanet.com or hp site.
2- Setup each hp-ux system to talk to ldap, you just need to run the ~/config/setup utility. This will create an entry (ldapux profile) on ldap which will be the configuration reference for this host. You could use the same profile for all your hosts.
3- Then you may want to migrate your unix users, from /etc/passwd to ldap (some template scripts exist under ~/migrate/.
Or you could create them manually on ldap by adding the ObjectClass posixaccount to each user.
4- activate ldap:
nsswitch.conf: passwd files ldap
overwrite pam.conf with pam.ldap
Then it's all dynamic, you can create filters to validate accounts on each specific host. Only valid users are seen on the system (use nsquery passwd username or listusers).
The advantage is that you could use the same ldap server to authenticate web users, using the same account/passwd.
Preferably do it on a test system first.
Cheers
S.Aksoy
