askpass replacement which uses pam module to get password?

[Ford Prefect]

greetings all,

i'm not a member of this list, but i'm wondering if anyone has ever tried 
this before.

i'm deploying some linux clients which authenticate against a yp server.  
at login time, if the user has never logged into the machine before, a 
script automatically creates their home directory.  next, a pam module 
named pam_authtoken opens a unix socket which makes the plaintext password 
available to a script which then runs rsync -e ssh to sync their new home 
directory with the one on the server.  at logout time, the process is 
reversed.  the end result is intended to be similar to the "roaming 
profiles" system of a certain other operating system.

unfortunately, i can't find a way to pipe the password into ssh that 
doesn't expose it one way or another.

has anyone done any work on a way to get ssh (not sshd) to get it's 
password from a pam module (or heck, even from an environment variable)?  
i saw the work done on the fd patch and i guess that's a possibility, but 
i was hoping for something cleaner.

like i said, i'm not subscribed to this list, so please cc me on any 
responses.

thanks for your time,
chris