Since I know very little about that I'm not sure how it relates.
If it makes you feel better this is what I'm doing: I'm a webmaster/system admin at a small ISP. This ISP wants users to be able to change their password through a secure web interface. I want to bypass system prompting. I figured out that I can use Net::SSH to connect to the correct systems as root and use echo to pipe the new password to passwd --stdin in one command. I know it might not be the best idea to log in as root but I am using SSH with keys and it's on our network (never goes outside) so I'm not too worried about it.
What I need is a way to verify that the user is giving me a correct old password. I originally thought of using Net::Telnet but of course that's not nearly as secure and it loses the ability to use a single command to change the password (since I would not use root over telnet).
I have authorization to do this, I've been asked to. I'm not worried about my employer suing me. Small companies don't have the money or time for such nonsense.
You might be wasting your time, as most password changes are the result of forgetting the password in the first place. Besides, you want to hand out as little information as possible when it involves your security.
As to permission, do you have it in writing? The company may not sue you but they can always fire you. And people will tend to believe a company over an ex-employee.