diff --git a/Bundler/pam.xml b/Bundler/pam.xml
index 7cc5927..975a46a 100644
--- a/Bundler/pam.xml
+++ b/Bundler/pam.xml
@@ -6,7 +6,7 @@
   <Group name="ssh">
     <Service name="ssh"/>
   </Group>
-  <Group name="db-server">
+  <Group name="ldap">
     <Package name="libpam-cracklib"/>
   </Group>
 </Bundle>
diff --git a/Python/etc/pam.d/common-password b/Python/etc/pam.d/common-password
index ce0c232..c333fea 100644
--- a/Python/etc/pam.d/common-password
+++ b/Python/etc/pam.d/common-password
@@ -41,23 +41,18 @@ pam-auth-update(8) for details.
 @# uncomment the next two in order to use this.
 @# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
 
-if not has('wheezy'):
-    if has('ldap'):
-        print "password   sufficient %s ignore_unknown_user md5 try_first_pass" % pam_module
-    print "password   required   pam_unix.so nullok obscure min=4 max=8 md5 try_first_pass"
-
+@# here are the per-package modules (the "Primary" block)
+if has('ldap'):
+    @password       requisite                       pam_cracklib.so retry=3 minlen=9 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=1 reject_username gecoscheck enforce_for_root difok=0
+    @password       [success=2 default=ignore]      pam_unix.so  nullok obscure sha512 min=4 max=8 md5 try_first_pass
+    print "password       [success=1 default=ignore]      %s minimum_uid=1000 ignore_unkown_user md5 try_first_pass" % pam_module
 else:
-    @# here are the per-package modules (the "Primary" block)
-    if has('ldap'):
-        @password       [success=2 default=ignore]      pam_unix.so  nullok obscure sha512 min=4 max=8 md5 try_first_pass
-        print "password       [success=1 default=ignore]      %s minimum_uid=1000 ignore_unkown_user md5 try_first_pass" % pam_module
-    else:
-        @password       [success=1 default=ignore]      pam_unix.so  nullok obscure sha512 min=4 max=8 md5 try_first_pass
-    @# here's the fallback if no module succeeds
-    @password        requisite                       pam_deny.so
-    @# prime the stack with a positive return value if there isn't one already;
-    @# this avoids us returning an error just because nothing sets a success code
-    @# since the modules above will each just jump around
-    @password        required                        pam_permit.so
-    @# and here are more per-package modules (the "Additional" block)
-    @# end of pam-auth-update config
+    @password       [success=1 default=ignore]      pam_unix.so  nullok obscure sha512 min=4 max=8 md5 try_first_pass
+@# here's the fallback if no module succeeds
+@password        requisite                       pam_deny.so
+@# prime the stack with a positive return value if there isn't one already;
+@# this avoids us returning an error just because nothing sets a success code
+@# since the modules above will each just jump around
+@password        required                        pam_permit.so
+@# and here are more per-package modules (the "Additional" block)
+@# end of pam-auth-update config