Ah, I'd not remembered you could inline C like that. I had similar C code from some other project I'd found on the 'net, but I wasn't looking forward to figuring out all the error checking I'd need between that executable and perl. Using this, I wouldn't have to worry about it as much.
But, I had continued my quest for a pure perl solution while waiting for replies to my question. I sent some email to one of the authors of the Kerberos modules, Jeff Horwitz, he sent the following code as a quick example of how he allows users to change their password. He states in his email:
here's some patched together code that should do the trick (insert your own username, password, and error checking):
my $kadm = Authen::Krb5::Admin->init_with_password($user, $pw);
my $princ = Authen::Krb5::parse_name($user);
my $rc = $kadm->chpass_principal($princ, $pw);
Being part of the "Admin" package, I had assumed that the chpass_principal method needed administrative access rights, apparently that assumption was incorrect. I've not yet tried it, but have no reason to believe it won't work. When I get a chance to try it out, hopefully by the end of today, I'll report back.
Update: Sorry for the delay, I had other projects that kept me from testing this until late last Friday. This doesn't work on an expired password as I need. The init_with_password method returns an error saying the password has expired, thus the $kadm object is invalid, and the chpass_principal method can not be called. Looks like its' back to the inline C code...