Old thread but I'll post the answer anyway so others can find it...
Make the following changes in both /etc/pam.d/system-auth and /etc/pam.d/password-auth:
#password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass #use_authtok
password requisite pam_deny.so
The changes are:
- comment-out the pam_cracklib line
- comment-out the "use_authtok" argument on the pam_unix line
use_authtok effectively tells pam_unix to require a password from the previous step (formerly pam_cracklib). So if you leave it there after commenting-out pam_cracklib, no password is passed to pam_unix and it refuses to prompt for one itself and the whole operation fails.
So these changes cause pam_unix to prompt you for a password instead of pam_cracklib.