Use case of doing password management over SSL was not implemented in the product as an out of the box feature which was a surprised to me. The HTTP communication session should be encryption with SSL to mitigate man in the middle attack. Hope PAM engineering can enable this feature asap.