It is quite possible to set this kind of thing up. You need access to a server side scripting language and do one of two things:

i) If you have access to database on your server, you might consider one of the Apache database authentication modules (mod_auth_mysql) for example. Then your change password script just does a simple database update.

ii) If you don't, you can do something by shelling out to the htpasswd application that is bundled with Apache.

There's no straight forward way to do it, but one of the above might help you.

As soon as the new password is in the file, the user will be presented with another login dialog by the browser. This is because the credentials currently being used for every request to a page in your protected area will be using the old password.

I don't know of a clean way to handle this, other than to explain to your users on the change password page that they will be required to "login" again.