Comment 13 for bug 329067

Requiring libpam-cracklib is unnecessary - all that would really need to happen is change pam-auth-update to write /etc/pam.d/common-password with try_authtok instead of use_authtok when it's enabling ldap. (Wiser and more experienced heads than I should test that for other issues but I haven't found any.) Commenting in hopes this gets bumped up the priority list because I was fighting with this for about a week before I had enough information to narrow down the Google results sufficiently.