Here's a few pointers.
2) The ttstppwchange session goes into an infinite loop if you try to run it without being triggered by the ttstppwdaging session. Does anyone find this to be a troublesome thing as users can not change their passwords at will
Update ttstppwchange to the latest fix. This situation has been fixed already on the latest object for the session.
3) Our problem is that when we first create an account in LN for a user, the MIS will know their password. We want to enforce a password change for the user. So what we do is the following
The problem with this is that the password aging object will check for the status of the user account. When you first create an account at the OS level the binary $BSE/bin/badmin6.x will do that via PAM; PAM might actually return a message to badmin6.x that tells the status of the account to the password aging object... I think the problem to implement this might be that password aging will only allow your users to change their password when their accounts at the OS level are reported by PAM to be in a certain status. This is hard coded. You might have to actually put an enhancement request for password aging to handle this scenario. Maybe nprao has implemented something like this with a custom script.