I'm currently working on a project to do something very similar - allow users to change their email passwords on our custom software. I'm using this code as the way of separating the more easily hackable CGI from the password-changing-server running as root. Plus it runs securely between separate machines. I think I would prefer Bluetooth(sp?) but I can't find a module for it yet.

In your particular case the users should just be logging in to change their passwords, since they already have shell accounts.

____________________
Jeremy
I didn't believe in evil until I dated it.