I’m pretty sure this isn’t right. They did store just salted hashes. The algorithm was DES, but inside crypt(3), which produces salted hashes. The reason the passwords were recoverable, though, was that dictionary attacks were very easy because crypt(3) only uses 2 characters of salt for the 8 character passwords.