The PAM system service can be configured to only store encrypted representations of passwords.
In /etc/pam.d/password-auth, the password section of the file controls which
PAM modules to execute during a password change.
Set the pam_unix.so module in the password section to include the option
password sufficient pam_unix.so
other arguments...
This will help ensure that new passwords for local users will be stored using the
algorithm.