Use case of doing password management over SSL was not implemented in the product as an out of the box feature which was a surprised to me. The HTTP communication session should be encryption with SSL to mitigate man in the middle attack. Hope PAM engineering can enable this feature asap.
I think that his mean is he wants to do windows password rotation feature over encryption and transport protocols, but PAM only is working over non encryption and transport protocols for this feature. Sorry if I misunderstand
Windows encrypts the session by default. Therefore, it was deemed as an unnecessary step to encrypt it again. Let me know if I'm missing your point.
This feature is very important for us also, please develop it ASAP.
Please fix this bug fastest