The PAM system service can be configured to only store encrypted
representations of passwords. In
/etc/pam.d/password-auth
,
the
password
section of the file controls which PAM modules execute
during a password change. Set the pam_unix.so
module in the
password
section to include the argument sha512
, as shown
below:
password sufficient pam_unix.so sha512 other arguments...
This will help ensure when local users change their passwords, hashes for
the new passwords will be generated using the SHA-512 algorithm. This is
the default.