diff --git a/policy_pam/meta/main.yml b/policy_pam/meta/main.yml
index 85198ada..5da132b9 100644
--- a/policy_pam/meta/main.yml
+++ b/policy_pam/meta/main.yml
@@ -14,6 +14,8 @@ galaxy_info:
     - name: Debian
       versions:
         - bullseye
+        - buster
+        - stretch
 
   galaxy_tags: []
 # Be sure to remove the '[]' above if you add dependencies
diff --git a/policy_pam/tasks/main.yml b/policy_pam/tasks/main.yml
index 26587d26..a2746011 100644
--- a/policy_pam/tasks/main.yml
+++ b/policy_pam/tasks/main.yml
@@ -1,20 +1,32 @@
 ---
-# System compatibility check. yescrypt only works on Debian 11+
-# So we ensure that this role isn't executed on older systems
+# System compatibility check.
+# Untested on old (Jessie & older) Debian versions
 - name: "System compatibility check"
-  assert:
+  ansible.builtin.assert:
     that:
       - ansible_distribution == "Debian"
-      - ansible_distribution_major_version is version_compare('11', '>=')
-    msg: pam_policy is only compatible with Debian >= 11
+      - ansible_distribution_major_version is version_compare('9', '>=')
+    msg: pam_policy is only compatible with Debian >= 9
 
+# yescrypt, Debian 11 default hashing alg isn't present on Debian 10 and lower
+- name: "Set hashing alg (sha512 - Debian <= 10)"
+  ansible.builtin.set_fact:
+    pam_policy_hashing_alg: 'sha512'
+  when:
+    ansible_distribution_major_version is version_compare('10', '<=')
+
+- name: "Set hashing alg (yescrypt - Debian >= 11 )"
+  ansible.builtin.set_fact:
+    pam_policy_hashing_alg: 'yescrypt'
+  when:
+    ansible_distribution_major_version is version_compare('11', '>=')
 
 # PAM -- pam_pwquality
 - name: libpam-pwquality is installed
-  apt:
+  ansible.builtin.apt:
     state: present
     name:
       - libpam-pwquality
@@ -37,7 +49,7 @@
   when: policy_pam_pwquality is false
 
 - name: Configure pam_pwquality
-  replace:
+  ansible.builtin.replace:
     dest: /etc/security/pwquality.conf
     regexp: "^#? ?{{ item.name }} = .*"
     replace: "{{ item.name }} = {{ item.value }}"
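Review bot: The new fact is named `pam_policy_hashing_alg` while every other variable this role reads uses the `policy_pam_` prefix (`policy_pam_pwquality`, `policy_pam_password_min_days` in later hunks), so the knob is hard to find and easy to mistype; if the name has not shipped yet, rename it to `policy_pam_hashing_alg` here and in the two lineinfile tasks at the end of the file. The two mutually exclusive set_fact tasks can also collapse into one, `pam_policy_hashing_alg: "{{ 'yescrypt' if ansible_distribution_major_version is version('11', '>=') else 'sha512' }}"`, which removes the chance of a later edit leaving a gap between the `<= 10` and `>= 11` conditions. As far as I know `version_compare` is the older spelling of the `version` test; the assert in this hunk uses it too, so switch both if the project targets a current ansible-core. A one-line comment on the sha512 branch, `# weaker than the Debian 11 default; used only because yescrypt is unavailable before bullseye`, would stop readers treating the value as a free tunable.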
@@ -70,7 +82,7 @@
 
 # Enforce password minimal age to prevent pam_pwhistory to be circumvented by multiples password changes
 - name: Change PASS_MIN_DAYS
-  replace:
+  ansible.builtin.replace:
     dest: /etc/login.defs
     replace: 'PASS_MIN_DAYS\g<1>{{ policy_pam_password_min_days }}'
     regexp: '^PASS_MIN_DAYS(\s+).*'
@@ -81,12 +93,12 @@
   ansible.builtin.lineinfile:
     dest: /etc/pam.d/common-password
     regexp: 'pam_unix.so obscure'
-    line: "password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass yescrypt"
+    line: "password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass {{ pam_policy_hashing_alg }}"
   when: policy_pam_pwhistory or policy_pam_pwquality
 
 - name: Update pam_unix if previous modules are all disabled
   ansible.builtin.lineinfile:
     dest: /etc/pam.d/common-password
     regexp: 'pam_unix.so obscure'
-    line: "password [success=1 default=ignore] pam_unix.so obscure yescrypt"
+    line: "password [success=1 default=ignore] pam_unix.so obscure {{ pam_policy_hashing_alg }}"
   when: policy_pam_pwhistory is false and policy_pam_pwquality is false
\ No newline at end of file
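Review bot: Both `line:` values in the second hunk now depend on `pam_policy_hashing_alg`, which is only defined by the two set_fact tasks at the top of tasks/main.yml; a partial run (`--start-at-task`, tags) that skips them fails here with an undefined-variable error rather than writing a wrong pam_unix line, which is the safe failure but should be documented. A role default (for example `pam_policy_hashing_alg: sha512` in defaults/main.yml, overridden by the Debian 11+ set_fact) would make the role runnable in isolation and give operators an explicit override point. A comment above the first task is also worth adding, `# pam_unix applies the algorithm at the next password change; existing hashes are not rewritten`, since, as far as I know, moving a host between sha512 and yescrypt does not rehash stored passwords. The first lineinfile task's `- name:` line is outside the hunk, and the file still ends without a trailing newline, which yamllint flags.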