sonriks


how do I disable direct root login on HP-UX servers?

arnold

Through which means: local on the console, or remote via telnet/ssh?
With or without disabling the root user or locking out their password (presumes you have sudo set up to elevate the rights of one or several administrative users)?
dagr9782

Remove root entry on the shadow file.
ASKER CERTIFIED SOLUTION
svs
sonriks (ASKER)

Thank you, svs! sudo is set up on all the servers.

Question though: we have root ssh keys set up on all the servers to enable passwordless login among servers. Will making the change you suggest require removal of the entries in the authorized_keys files? Or will it override the ability to log in as root among servers?
It will override, yes.  The manual page for sshd_config has more info on this.
sonriks (ASKER)

svs,

The time came for me to implement. I disabled PermitRootLogin in the sshd_conf, and had a lot of issues cuz now the ssh keys are not working, as you said earlier would happen. Caused a lot of problems in production. I'm going to look into the man pages for a solution. Am wondering if you have any ideas off the bat on what change I should make to get the root passwordless communication between servers to work again.
You could run two instances of sshd: one on 22 that does not permit root login, and another instance on a specially designated port that does allow root login, i.e. 300.
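
A check for the two-instance layout suggested in the last reply, as an added example that is not part of the original thread. The file names, the `PidFile` path and the key-only `PermitRootLogin without-password` value in the sample are assumptions; the port numbers 22 and 300 come from the reply.

```shell
# Assumes whitespace-separated "Keyword value" lines; file names are hypothetical.
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Match blocks are not evaluated: parsing stops at the first.
effective() {  # usage: effective FILE KEYWORD -> prints the lowercased value
    awk -v k="$2" '
        BEGIN { k = tolower(k) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == k { print tolower($2); exit }
    ' "$1"
}

# Return 0 only if the pair matches the layout from the reply above.
check_layout() {  # usage: check_layout PUBLIC_CFG ROOT_CFG
    pub_root=$(effective "$1" PermitRootLogin)
    pub_port=$(effective "$1" Port)
    alt_root=$(effective "$2" PermitRootLogin)
    alt_port=$(effective "$2" Port)
    [ "$pub_root" = "no" ] ||
        { echo "public instance: PermitRootLogin is '${pub_root:-unset}'"; return 1; }
    # Port defaults to 22 when unset, so the second instance must set its own.
    { [ -n "$alt_port" ] && [ "$alt_port" != "${pub_port:-22}" ]; } ||
        { echo "root instance needs a different Port"; return 1; }
    case "$alt_root" in
        yes|without-password|prohibit-password|forced-commands-only) ;;
        *) echo "root instance does not permit root"; return 1 ;;
    esac
    # A separate PidFile keeps the two daemons from sharing one pid file.
    [ -n "$(effective "$2" PidFile)" ] ||
        { echo "root instance needs its own PidFile"; return 1; }
}

demo() {  # builds two constructed sample configs and checks them
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample: instance on 22' \
        'Port 22' 'PermitRootLogin no' > "$d/sshd_config"
    # Assumption: key-only root login (the reply only says "does allow root login").
    printf '%s\n' '# constructed sample: second instance' \
        'Port 300' 'PermitRootLogin without-password' \
        'PidFile /var/run/sshd_root.pid' > "$d/sshd_config_root"
    check_layout "$d/sshd_config" "$d/sshd_config_root"; rc=$?
    rm -rf "$d"
    return $rc
}
```

Each daemon is started with its own file through `sshd -f`, and `sshd -t -f FILE` validates a file before the daemon is started.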