We have LDAP channel binding configured, what PAM configurations are needed to use it? Does m.sun.jndi.ldap.LdapCtx support it?
PAM 4.2
PAM is not LDAP channel binding "aware", and no additional configuration is needed in PAM for LDAP channel binding. The channel binding token is produced by the LDAP client stack during an LDAP over SSL/TLS bind and validated by the domain controller, so the only thing to verify is that PAM's existing LDAP operations keep working once the DC enforces it. You can test and confirm LDAP channel binding in your environment using the steps below.
NOTE: This is outside the scope of support. The below requires a registry change, please take appropriate backups.
Test on a DC in your lower (non-production) environment first.
On that DC, create or set the DWORD value LdapEnforceChannelBinding under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters and set it to 2 (0 = never enforce, 1 = enforce when the client supports it, 2 = always enforce; with 2 the DC rejects LDAP over SSL/TLS binds that do not carry a valid channel binding token). Then test and confirm that PAM continues to update passwords and refresh groups successfully. If those operations start failing only after this change, the PAM side of the LDAP connection is not supplying a channel binding token and the value should be reverted (or set to 1) while you investigate.
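The steps above as an added PowerShell example for the lab DC. This is not code from the original article or from the PAM vendor; it assumes an elevated PowerShell session on a domain controller in a non-production environment, and it backs up the NTDS\Parameters key before changing anything, as the note above requires. The event IDs in the last step are the channel-binding events Microsoft documents for this setting (3039 for a bind that failed channel binding token validation, 3040 for the 24-hour summary) and are listed here as an assumption about what you will see, not as something the article states.

```powershell
# Added example, not part of the original KB article.
# Run elevated on a DC in a lower (non-production) environment.

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$RegKey    = 'HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ValueName = 'LdapEnforceChannelBinding'

# 1. Back up the key before touching it (the change is outside support scope).
$BackupFile = Join-Path $env:TEMP ("NTDS-Parameters-{0}.reg" -f (Get-Date -Format 'yyyyMMdd-HHmmss'))
reg.exe export $RegKey $BackupFile /y | Out-Null
Write-Host "Registry backup written to $BackupFile"

# 2. Record the current value (absent = DC default behaviour).
$Existing = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
if ($null -eq $Existing) {
    Write-Host "$ValueName is not present (default behaviour)"
} else {
    Write-Host "$ValueName is currently $($Existing.$ValueName)"
}

# 3. Enforce channel binding: 0 = never, 1 = when the client supports it, 2 = always.
#    With 2 the DC rejects LDAP over SSL/TLS binds that carry no valid channel binding token.
New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 2 -Force | Out-Null
$Now = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
Write-Host "$ValueName is now $Now"

# 4. Now run a password change and a group refresh from PAM, then look at the
#    Directory Service log for channel-binding events since the change was made.
#    (Event IDs are an assumption taken from Microsoft's guidance for this setting.)
$Since = (Get-Date).AddHours(-1)
Get-WinEvent -FilterHashtable @{
    LogName   = 'Directory Service'
    Id        = 3039, 3040
    StartTime = $Since
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 5. Rollback if PAM operations start failing: remove the value, or set it to 1
#    to log failures without rejecting binds while you investigate.
# Remove-ItemProperty -Path $KeyPath -Name $ValueName
# Set-ItemProperty    -Path $KeyPath -Name $ValueName -Value 1
```

If step 4 returns nothing while PAM keeps updating passwords and refreshing groups, the PAM connection is presenting a valid channel binding token and enforcement is safe to extend. The rollback commands are left commented out so the script cannot undo the setting by accident; the .reg backup from step 1 can also be re-imported with reg.exe import.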