I found at least one solution. Openssl can generate password hashes for passwords longer than 8 characters that the libpam-pwdfile module can read:
openssl passwd -1
That's a number 1, not a lowercase letter L. The downside of this method is it doesn't maintain the passwd file for you, like...
Thanks for the tutorial. nopriv_user=ftp is specified twice in your config file.
htpasswd -d only supports 8-character passwords. Is there any way to support longer passwords? I tried the other htpasswd encryption options, but it seems only -d is supported by the libpam-pwdfile module.