If the user is not using auto-login, PAM won’t know what account has to change the password.
The policy is set by target account. You can define the Password View Policy(PVP) to change the target account after being used.
If the user enter the credentials manually, then this is just a simple “string”.
And in the PAM policies, define to view the target account password.
Using this option will deny other users to use the account until the current user check it out.
Example of Password View Policy
At Access screen, get the password and login with it.