Well, it all depends on what you have.

for instance -- if you have SSI (server side includes), you can just do something like:

Another option is to use the whole 'AJAX' concept -- JavaScript to make a call back to the server to ask for a new password, and place it into the field. (of course, then you have a javascript dependancy, and you might as well just do the randomization in JavaScript

Or, there's the bit that's already been suggested, and just have a CGI to spit out the form. I typically go with this approach, and use the same CGI that generates the backend and initial form, so that I can do data validation, and then re-populate the form, marking any problems.