Since I know very little about that I'm not sure how it relates.

If it makes you feel better this is what i'm doing: I'm a webmaster/system admin at a small ISP. This ISP wants users to beable to change their password through a secure web interface. I want to bypass system prompting. I figured out that I can use Net::SSH to connect to the correct systems as root and use echo to pipe the new password to passwd --stdin in one command. I know it might not be the best idea to login as root but I am using SSH with keys and its on our network (never goes outside) so I'm not too worried about it.

What I need is a way to verify that the user is giving me a correct old password. I originally thought of using Net::Telnet but of course that's not nearly as secure and it loses the ability to use a single commmand to change the password (since I would not use root over telnet).

I have authorization to do this, I've been asked to. I'm not worried about my employer suing me. Small companies don't have the money or time for such nonsense

Chris