I'm looking to find out exactly how to go about changing the encryption method of shadow passwords from MD5 to something a bit stronger, like SHA. I've been looking around for a bit now and haven't found out how to do it.
This is for CentOS 5.
I've gathered that I'll most likely need to change the /etc/pam.d/system-auth file. Right now, there is a line that looks like this:
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
I'm guessing the md5 should be changed to something else, like sha512.
What else? I know I'll need to reset all passwords once the change is made, but I thought there was someplace else that controls how the passwd command encrypts passwords.
Any suggestions please?