The SAP internet user functionality and Password BAPIs
There is standard functionality built into SAP that allows you to create internet users and manage their login and password credentials. These users are ones which use SAP functionality but only via the web and do not need access to the actual SAP system (via the SAPGUI) or are business partners.
These users therefore login the web application via a generic SAP user id to be able to access the functionality. The only problem with this is that as far as the SAP backend system is concerned everyone logged in to the application is the same user. This is where the internet user functionality comes in and allows you to create new users and maintain their details. Originally this was maintained via transaction SU05 but I think it has been moved to SU05_OLD as it is a little obsolete. It's also probably not something SAP wants to promote any more as they would prefer you to buy enough licences to give all your users a proper SAP user account. This way you would get the standard SAP login functionality (i.e. via SU01) and would not need to worry about any other option
You could obviously code this second layer to manage the different users details such as user id, name, password etc. But this also means you would then have to create, maintain the tables and manage the change/authentication/storage encryption etc. of passwords which could add on a lot of effort to your project.
Anyway here are a few Function Modules/BAPI's used in the processing of these internet users.
BAPI_EMPLOYEE_CHECKPASSWORD
Checks if entered password is correct
BAPI_EMPLOYEE_CHANGEPASSWORD
Change employee's password
BAPI_EMPLOYEE_CHECKEXISTENCE
Check if employee exists
BAPI_EMPLOYEE_DEQUEUE
Unlock an employee account after update
BAPI_EMPLOYEE_ENQUEUE
Lock employees account ready for update
BAPI_EMPLOYEE_INITPASSWORD
Reset employees password