Change the default password hash method to yescrypt

pam.spec

@@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.5.1
-Release: 6%{?dist}
+Release: 7%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@@ -381,6 +381,9 @@ test "$FILE" != %{_sysconfdir}/authselect/fingerprint-auth && \
 exit 0
 
 %changelog
+* Thu Jun 10 2021 Björn Esser <besser82@fedoraproject.org> - 1.5.1-7
+- Change the default password hash method to yescrypt
+
 * Thu Jun 10 2021 Björn Esser <besser82@fedoraproject.org> - 1.5.1-6
 - Add a patch to not use crypt_checksalt for password expiration
   Resolves: #1965345, #1967150

password-auth.pamd

@@ -6,7 +6,7 @@ auth        required      pam_deny.so
 account     required      pam_unix.so
 
 password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
-password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
+password    sufficient    pam_unix.so try_first_pass use_authtok nullok yescrypt shadow
 password    required      pam_deny.so
 
 session     optional      pam_keyinit.so revoke

system-auth.pamd

@@ -6,7 +6,7 @@ auth        required      pam_deny.so
 account     required      pam_unix.so
 
 password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
-password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
+password    sufficient    pam_unix.so try_first_pass use_authtok nullok yescrypt shadow
 password    required      pam_deny.so
 
 session     optional      pam_keyinit.so revoke