"Now, we'll go on record right away (admittedly, this
is the second paragraph, so we're lagging behind already ;) by
stating that we do not specifically endorse this method of password
changing. It's very convenient (for users both trustworthy and
malicious) and does the job, but, use of this script in a secure
environment (or any environment that requires protection) is not
recommended. Not only does this script open up many potential
security holes by allowing access to system commands (albeit via
another script that gets called, so it's not "unbelievably" easy to
misuse), it will almost guarantee that you won't get your Sarbanes
Oxley compliance certificate :) That being said, if you have a
small internal net (quarantined from production and other
environments) this can be a handy way to do your updates. In the
worst case, you can just forego the "web experience" and do your
mass password updates using Expect (or any other tool) from the
CLI."