diff --git a/templates/shadow-enable-pam.diff b/templates/shadow-enable-pam.diff
index f8666984ee0..6477c3d16d1 100644
--- a/templates/shadow-enable-pam.diff
+++ b/templates/shadow-enable-pam.diff
@@ -170,7 +170,7 @@
 +++ etc/pam.d/login	2008-12-16 03:29:56.000000000 +0100
 @@ -1,11 +1,13 @@
 -#%PAM-1.0
-+auth        requisite      pam_nologin.so
++auth		requisite	pam_nologin.so
  auth		required	pam_securetty.so
 -auth		include		system-auth
 -account		required	pam_nologin.so
@@ -181,17 +181,17 @@
 -session		required	pam_loginuid.so
 -session		optional	pam_console.so
 -session		required	pam_selinux.so open
-+auth        required       pam_unix.so
-+account     required       pam_access.so
-+account     required       pam_unix.so
-+session     required       pam_env.so
-+session     required       pam_motd.so
-+session     required       pam_limits.so
-+session     optional       pam_mail.so      dir=/var/mail standard
-+session     optional       pam_lastlog.so
-+session     required       pam_unix.so
-+password    required       pam_cracklib.so  retry=3
-+password    required       pam_unix.so      md5 shadow use_authtok
++auth		required	pam_unix.so
++account	required	pam_access.so
++account	required	pam_unix.so
++session	required	pam_env.so
++session	required	pam_motd.so
++session	required	pam_limits.so
++session	optional	pam_mail.so	dir=/var/mail standard
++session	optional	pam_lastlog.so
++session	required	pam_unix.so
++password	required	pam_cracklib.so  retry=3
++password	required	pam_unix.so      sha512 shadow use_authtok
 --- etc/pam.d/passwd.orig	2008-12-16 03:30:36.000000000 +0100
 +++ etc/pam.d/passwd	2008-12-16 03:30:52.000000000 +0100
 @@ -1,4 +1,6 @@
@@ -199,12 +199,12 @@
 -auth		include		system-auth
 -account		include		system-auth
 -password	include		system-auth
-+password    required       pam_cracklib.so  type=Linux retry=1 \
-+                                            difok=5 diffignore=23 minlen=9 \
-+                                            dcredit=1 ucredit=1 lcredit=1 \
-+                                            ocredit=1 \
-+                                            dictpath=/lib/cracklib/pw_dict
-+password    required       pam_unix.so      md5 shadow use_authtok
++password	required	pam_cracklib.so  type=Linux retry=1 \
++						difok=5 diffignore=23 minlen=9 \
++						dcredit=1 ucredit=1 lcredit=1 \
++						ocredit=1 \
++						dictpath=/lib/cracklib/pw_dict
++password	required	pam_unix.so	sha512 shadow use_authtok
 --- etc/pam.d/su.orig	2008-12-16 03:31:25.000000000 +0100
 +++ etc/pam.d/su	2008-12-16 03:31:35.000000000 +0100
 @@ -1,13 +1,7 @@
@@ -220,12 +220,12 @@
 -session		required	pam_selinux.so close
 -session		include		system-auth
 -session		required	pam_selinux.so open multiple
-+auth        required        pam_unix.so
-+account     required        pam_unix.so
-+session     optional        pam_mail.so     dir=/var/mail standard
++auth		required	pam_unix.so
++account	required	pam_unix.so
++session	optional	pam_mail.so	dir=/var/mail standard
  session		optional	pam_xauth.so
-+session     required        pam_env.so
-+session     required        pam_unix.so
++session	required	pam_env.so
++session	required	pam_unix.so
 --- etc/pam.d/chage.orig	2008-12-16 03:32:38.000000000 +0100
 +++ etc/pam.d/chage	2008-12-16 03:32:56.000000000 +0100
 @@ -1,4 +1,5 @@
@@ -233,7 +233,7 @@
  auth		sufficient	pam_rootok.so
 -account		required	pam_permit.so
 -password	include		system-auth
-+auth        required        pam_unix.so
-+account     required        pam_unix.so
-+session     required        pam_unix.so
-+password    required        pam_permit.so
++auth		required	pam_unix.so
++account	required	pam_unix.so
++session	required	pam_unix.so
++password	required	pam_permit.so