A client was concerned that their password hash was MD5.
A check of the /etc/shadow file showed:
The first field annotated by a ‘$’ (: is the delimiter) is 6 = SHA256 (1 = MD5)
And /etc/pam.d/common-password specifies it:
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
In this case, the client already was using SHA512 which is correct. If they were using MD5, a change to the line in file /etc/pam.d/common-password mentioned above would be required. The next log in by any user would prompt for a password change so it can be encrypted with SHA512