When using CA PAM to rotate the passwords of CISCO switch accounts by using a UNIX connector, the following error is observed by the hundreds in he CISCO logs

 "error: protocol identification string lack carriage return" 

This seems to be caused by a bug in Java Secure Channel

CA PAM 4.0.1.164

This is indeed a bug detected in jsch versions prior to  0.1.69 

jsch is one of the third party components as stated in the following reference

https://github.com/mwiede/jsch/issues/83

Versions of PAM after 4.0.1.164, already contain a jsch version which is at or above 0.1.69, so the solution is to upgrade PAM to a later version

To check the versions of third-party components shipped with PAM, please consult

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-0-1/third-party-license-acknowledgments.html

For version 4.0.1 and equivalent url for other versions of the product