Stop resetting your passwords, says UK govt's spy network

dajames

The password salt is itself stored in the password file - in plain text. If it weren't, it would be impossible to verify a password by comparing

Exactly so.

The purpose of a salt is to ensure that if two different users coincidentally choose the same password they don't generate the same hash. There is no requirement that the salt be secret, just that it be different for each user. That prevents rainbow table attacks, among others.
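An added illustration of the point made in this comment (not code from the post or from The Register): the salt sits in plain text beside the hash, verification reads it back from the record, and two users with the same password still get different hashes. The `user:salt:hash` record layout, PBKDF2-HMAC-SHA256 and the iteration count are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor for this example


def make_record(user: str, password: str, salt: Optional[bytes] = None) -> str:
    """Return a 'user:salt_hex:hash_hex' line; the salt is stored in the clear."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{user}:{salt.hex()}:{digest.hex()}"


def verify(record: str, candidate: str) -> bool:
    """Re-derive the hash using the salt read back from the record itself."""
    _user, salt_hex, hash_hex = record.split(":")
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    # Constant-time comparison of the stored and re-derived hashes.
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def same_hash(rec_a: str, rec_b: str) -> bool:
    """True if two records carry an identical hash field."""
    return rec_a.split(":")[2] == rec_b.split(":")[2]


# Constructed sample: two users who happen to pick the same password.
alice = make_record("alice", "correct horse")
bob = make_record("bob", "correct horse")

if __name__ == "__main__":
    print(alice)
    print(bob)
    print("hashes equal:", same_hash(alice, bob))
    print("alice verifies:", verify(alice, "correct horse"))
    print("wrong guess verifies:", verify(alice, "incorrect horse"))
    # Reusing one salt for every user brings the identical hashes back.
    shared = bytes(16)
    print("shared-salt hashes equal:",
          same_hash(make_record("a", "pw", shared), make_record("b", "pw", shared)))
```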
