So it hashes the password and saves the hash to a file. Does the authentication phase then compare a hashed input password against the hash in the file? What prevents a malicious user from creating a hash for a password, replacing the hash in the file and logging in with the new password?
echo 'new_password_as_hashed_text' > password