ayg wrote:

a) This is bug 6397. Please vote for that if you support it.
b) Passwords are hashed and it is physically impossible for anyone to retrieve
them (without guess-and-check). Developers can currently reset passwords;
allowing it as a permission might not be something the devs are interested in
implementing, but I'll leave that to them.

In the future, please file separate requests separately so they can be dealt
with separately. Since half of this was a duplicate, I'll just edit it so that
it's only the second half of your request.

jimmy.collins wrote:

b) User passwords can be changed by shell ("php maintenance/changePassword.php").

robchur wrote:

Moving to an extension, since I'm not sure this is something we'd want in the
core code. Permissions also aren't enough, we'd need the interface itself
created, and of course, with that would *come* a permission setting.

The new extension http://www.mediawiki.org/wiki/Extension:Password_Reset should solve your issue b). -> Bug FIXED.