PacketShaper allows logging in to the web UI (http / https) using the old touch password but not via remote telnet or SSH. This PacketShaper is joined to PolicyCenter.
The old touch password is probably the PolicyCenter DS (Directory Server) password. The DS password is needed to join PacketShaper to PolicyCenter.
When the PacketShaper is connected to PolicyCenter, the DS password will always work via HTTP in order to give PolicyCenter access to PacketShaper.
For example :
DS password = admin
PS touch password = touch
Suppose you change the touch password of the PacketShaper to newtouch. You will not able to log in to the PacketShaper using the touch password, but you will still be able to use admin to log in.