An upgrade from 6.0 to 7 breaks the PAM configuration, resulting in the inability to log in after the upgrade. 6.0 is confirmed, and 6.1 is probable. I haven't checked 6.2 yet (and that may be a while), nor have I researched this thoroughly. I'll update when I get a chance. Booting with "linux single" and re-running authconfig fixes the problem for both of the customers that I've dealt with on this issue.
Upgrades don't correctly detect if shadow passwords are disabled, and they are enabled by default. This does not show up on fresh installations because authconfig is run by the installer to toggle these settings. A test version of the package which correctly handles this transition is at http://people.redhat.com/nalin/test/. Please see if it fixes the problems you're seeing.
Corrected in the errata release.