Some connected systems can provide the user's actual password to Identity Manager.
To capture passwords on Active Directory, NIS, and NT Domain, you must do some minor setup to install password filters on connected systems.
This information is in the Password Synchronization sections in the driver implementation guides for the Identity Manager Drivers for Active Directory and NT Domain, at Identity Manager Drivers.
The Identity Manager driver for AD or NT Domain needs to be installed on only one Windows machine. The other domain controllers don't need the driver installed, but each domain controller does need a pwfilter.dll file installed to capture passwords so they can be sent to Identity Manager.
To simplify your setup and administration, a utility is provided that lets you do this for all domain controllers from the Windows machine where the driver is installed.
The Identity Manager Driver for NIS 3.0 can operate with three UNIX authentication data stores: files, NIS and NIS+. A PAM module is provided to capture passwords and send them to the Identity Manager Driver for NIS.
The deployment of the PAM module for the NIS Driver is explained in the Identity Manager Driver for NIS Implementation Guide, at Identity Manager Drivers.