You want Expect. However, if you're using that to control the passwd command, don't forget that it will need to already be running as the user whose password you want to change. If your web server runs JSPs (and hence your perl program which gets called from a JSP) as a user like nobody or somesuch, then you're stuffed. The only user that can change someone elses password is root, and you *really* don't want to run your web server as root, and should be very careful indeed about running setuid root programs from a web server.

Even if you are confident that your perl code is secure, you still need to be careful, because often when root is changing a password he isn't subject to any restrictions like making sure the password isn't a dictionary word.