Assume that the passwords controller is set for a singleton route. Also, assume that the authenticated model is an Account. With that, you have the following:
sign_in(current_account, :bypass => true)
flash[:notice] = 'Password updated.'
render :action => :show
The key ingredient is the sign_in method call which seeks to re-sign-in the account, but bypasses the warden callbacks and stores the account into the session.