Speaking of which, I'd like to add something like OpenBSD's passwd.conf that
would allow me to select how local passwords and yp passwords are encrypted.

There's a bunch of Linux and FreeBSD systems out there that use MD5 for
password encryption, and it's caused me serious headaches in the past.

Is this better accomplished through login.conf? Comments?