In short, AE switches users with "su". PAM AD users need to be able to (and usually can) do "su".
The requirement for a login object is not affected *), since AE needs to **) have a password, whether it's a local user or PAM user probably does not make a difference.
*) disclaimer: I think. I have not tried this, but I'm rather certain.
**) well, actually it doesn't, because root, which is the user the agent runs as, can "su" without passwords (and thus, you can actually disable all password requirements in the ini file, though that should be reserved for testing purposes). Hence, I assume the password requirement is not so much a technical requirement but one of the Automic security concept, which adds even more credence to my belief that login objects are required with PAM just as with local users.
Hth,
Carsten