Got npasswd and Ganymede hooked up late last night. It's actually really cool.. whenever a user changes their password through Ganymede (be it through the GUI, the CGI, or the text client), Ganymede turns around and checks the password out with a small C program that reads from STDIN, calls the appropriate libcheckpasswd.a routines, then writes the results to STDOUT. Only takes about a second, and the Ganymede server passes back a nice dialog explaining to the user why their fifteenth try at coming up with a valid password is still too weak. Neat-o. And if the user actually commits the password change transaction into the Ganymede database, Ganymede runs a second C program to record their new password (crypt hashed, of course) into npasswd's password history database, so that users can't re-use passwords that are less than a year old. All transactional, all very clean.
And the cool thing is that the external C programs I'm using for this are actually dirt simple, given that someone has installed npasswd in the first place. So simple that I think I can even bundle optional support for npasswd checking with the userKit, and allow users to figure out for themselves how to make all of the npasswd stuff work. Less documentation work for me, way way more password choosing hassle for their users. Everyone wins!