You may find http://www.eyrie.org/~eagle/software/kadmin-remctl/readme.html interesting. At stanford they used the Expect module to write perl scripts that controlled the kadmin and kpasswd utilties for account administration. You could certianly do this. Their software is available form http://www.eyrie.org/~eagle/software/kadmin-remctl/. It may be easy to extract the bits you need - I haven't looked at it.

Otherwise, you can probably use the Authen:Krb5 or Authen::Krb5::Admin modules to reset the passwords. There are various others that provide for authentication but I didn't notice one that provided for simply password reset by the users themselves.