Maybe I am missing something with this, but if you use one way encrytion (crypt(), DES, MD5,etc..) they will not see any passwords. What you then do, is take the password provided by the user, encrypt it with whatever scheme you are using, and see if that encrypted mess matches what is in the file. This is not a new concept :)

Cheers,
KM

UPDATE: I am sitting here with Japhy (not j.a.p.h.) and was saying how I don't understand why I see some of the answers I do, and showed him this question. He has a longer explination here on what I just said.