If I had to run, say, Wordpress or SMF for a French client, I'd probably do as perlgeek suggests, and just hook the password create/change function to also store a public-key-encrypted version just for law enforcement / compliance purposes, and let the 3rd party software continue to authenticate as normal.