On SQL Server 2000 user was able to change his own password with sp_password procedure. In SQL Server 2005 it doesn't work because sp_password calls ALTER LOGIN which requires ALTER ANY LOGIN permission absolutely without checking, that user chages his own password.
To enable the possibility for ordinary users to change their own passwords you must grant them ALTER ANY LOGIN permission. It is a security risk, because they then are able to change any password including sysadmins!
Tested on Dev Edition on WinXP and Win 2003 Srv Enterprise.