Take the original passwd command and rename it to "passwd.orig", then move your script into its place (without the .sh ending) and have your script call "passwd.orig". Still not perfect, since someone who knows the difference can still call the orig directly.
The alternative would be to dig into the source code of passwd itself, and submit a patch to do what you want to do. That would be the cleanest solution.
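The rename-and-wrap step from the answer above, as an added example that is not part of the original post. The install function and the logging hook are hypothetical, and the "passwd" it is run against here is a constructed stand-in script in a temporary directory, not the real binary. One caveat worth knowing before doing this on a real system: passwd is setuid root, and the kernel ignores the setuid bit on interpreted scripts, so the wrapper itself runs as the calling user. It still works because mv keeps the mode bits on passwd.orig, so the exec'd original regains root; anything the wrapper does before the exec, however, runs unprivileged.

```shell
#!/bin/sh
# Added example: replace passwd with a wrapper that hands over to the
# renamed original. Paths and the hook are hypothetical.

# install_passwd_wrapper DIR: rename DIR/passwd to DIR/passwd.orig and put a
# wrapper script named passwd in its place. Refuses to clobber an existing
# passwd.orig so a second run cannot wrap the wrapper.
install_passwd_wrapper() {
    dir=$1
    if [ ! -x "$dir/passwd" ]; then
        echo "no executable $dir/passwd to wrap" >&2
        return 1
    fi
    if [ -e "$dir/passwd.orig" ]; then
        echo "$dir/passwd.orig already exists, refusing to overwrite it" >&2
        return 1
    fi
    mv "$dir/passwd" "$dir/passwd.orig" || return 1
    # The absolute path of the original is baked into the wrapper so it does
    # not depend on $0 or PATH at run time. The unquoted heredoc expands $dir
    # now; the escaped \$ forms stay literal for the wrapper itself.
    cat > "$dir/passwd" <<EOF
#!/bin/sh
# Hypothetical pre-hook: note who called passwd and with which arguments.
# Runs as the invoking user, not root (setuid is ignored on scripts).
echo "passwd-wrapper: uid=\$(id -u) args=\$*" >&2
# Hand over to the real binary, keeping arguments and exit status intact.
exec "$dir/passwd.orig" "\$@"
EOF
    chmod 755 "$dir/passwd"
}

# demo_wrapper: build a throwaway bin dir holding a constructed stand-in for
# passwd (echoes its arguments, exits 3), install the wrapper, run it, and
# print what the caller saw plus the propagated exit status.
demo_wrapper() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' 'echo "orig passwd got: $*"' 'exit 3' > "$tmp/passwd"
    chmod 755 "$tmp/passwd"
    install_passwd_wrapper "$tmp" || return 1
    out=$("$tmp/passwd" -S alice 2>/dev/null) && status=0 || status=$?
    rm -rf "$tmp"
    echo "$out (exit $status)"
}
```

Running demo_wrapper prints `orig passwd got: -S alice (exit 3)`, showing that arguments and the exit code pass through the wrapper untouched. The bypass the answer mentions is visible too: nothing stops a user from running `$dir/passwd.orig` directly and skipping the hook.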

