how do I restrict users ability to change password?

I'm looking for the same thing

I made a website for this company which wants to use it as a sorta e-commerce site but only for customers that are already known, so no random ppl

so what I did was make 2 roles, "admin" for the ppl who will be maintaining the site and "client" for the known clients

thing I need is that admins can make new users, assign them the role of client and/or admin, but clients are not suppose to be able to change their own password, admins would have to do this for them (I know, it's extremely silly, but customer asks, customer gets...)

so... I'm afraid I'm gonna have to override the whole edit-user form and just omit the password fields if uid is under 2 or if role != admin
I'll see what I can do and I might post the solution here later today

still gotta work on my PHPlist integration which should be finished by next week :x

[edit]
alright, that was fairly easy

I know this is bad practice, but I'm too new at this to make a proper .patch or anything, so I just hardcoded it in user.module

so if u open up the user.module file in ur root\modules\user\ folder and u go to line 1330, u'll see the following:

  if (!$register) {
    $form['account']['pass'] = array('#type' => 'password_confirm',
      '#description' => t('To change the current user password, enter the new password in both fields.'),
      '#size' => 25,
    );

if u would just change that to

  if (!$register && $admin) {
    $form['account']['pass'] = array('#type' => 'password_confirm',
      '#description' => t('To change the current user password, enter the new password in both fields.'),
      '#size' => 25,
    );

then only ppl with the 'administer users' privilege will be able to change passwords

if u want to add another access right u could also go to line 425 where it says

function user_perm() {
  return array('administer access control', 'administer users', 'access user profiles', 'change own username');
}

change that to

function user_perm() {
  return array('administer access control', 'administer users', 'access user profiles', 'change own username', 'change passwords');
}

and then go back to line 1330 and change

  if (!$register) {
    $form['account']['pass'] = array('#type' => 'password_confirm',
      '#description' => t('To change the current user password, enter the new password in both fields.'),
      '#size' => 25,
    );

to

  if (!$register && user_access('change passwords')) {
    $form['account']['pass'] = array('#type' => 'password_confirm',
      '#description' => t('To change the current user password, enter the new password in both fields.'),
      '#size' => 25,
    );

then u can choose which roles can set passwords, ofc the super-admin will always be able to change passwords
but at least this way u could make a separate role and assign it to a few admins so they can handle all the password-shiznitz ^^

I know this is extremely bad practice, but I don't rly know a better way to solve this

btw, I did this in user.module,v 1.745.2.26 2008/01/07 02:30:35, might be slightly different in another version

hope this was helpful
[/edit]

[another edit]
I just went to have a look at ur kappa thingy-thingy site and I was wondering if u might be interested in having that calendar show a tooltip if u hover ur mouse over the days that have an event
like I did on http://www.labs-commotie.be/tromark/ (under development)
[/another edit]

This one may also help:
http://drupal.org/project/userprotect
I assume it can be set-up to disallow the role which the users themselves are in, so they can't edit their own profiles?