Let's clarify something here: The server must be able to recover the plaintext password.
Consider some things you might do:
- Encrypt the passwords with a key. Store the key in a config file.
- Encrypt the passwords with a smart card/black box.
- Encrypt/decrypt the passwords with the aid of another server by sending HTTPS requests.
- Encrypt the key with a key in RAM. Use mlock() to stop it from being swapped to disk. Hope that you don't have to restart.
None of them help you if the attacker has root (but nothing does). Most of them don't help you if the attacker cuts the power and steals the boxes (RAM is not as non-volatile as you'd like for the purpose).
What attacks are you trying to defend against? What attacks are you ignoring?
One possibility is to encrypt passwords with a key derived from the user's password (like OS X's Keychain, and Windows's equivalent password-storage which nobody uses). When the user is logged on to your web service, you can keep the key in the session (or XOR it with a one-time pad and store the pad in a cookie, and only recover the key when the user sends a request). This makes stealing external passwords from a database backup at least as difficult as cracking the user's password. It doesn't help much against the others, though.
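
The key handling described in the last paragraph, as an added example that is not part of the original answer: the key is derived from the login password, then split so the server session holds only key XOR pad while the pad travels in the cookie. The function names, the PBKDF2 parameters and the sample password are assumptions; the actual encryption of the stored passwords is left to an AEAD cipher from a vetted library.

```python
import hashlib
import secrets
from typing import Tuple

KEY_LEN = 32
ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


def derive_key(password: str, salt: bytes) -> bytes:
    """Derive the per-user key from the login password (salt is per user)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               ITERATIONS, dklen=KEY_LEN)


def _xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes) -> Tuple[bytes, bytes]:
    """At login: return (session_share, cookie_pad).

    session_share stays in the server-side session, cookie_pad is sent to
    the browser. The pad is fresh random bytes, used once per login, so
    either half on its own is indistinguishable from random.
    """
    pad = secrets.token_bytes(len(key))
    return _xor(key, pad), pad


def recover_key(session_share: bytes, cookie_pad: bytes) -> bytes:
    """Per request: rebuild the key from the session share and the cookie.

    A wrong pad of the right length silently yields a wrong key; the AEAD
    decryption of the stored password is what rejects it.
    """
    return _xor(session_share, cookie_pad)


if __name__ == "__main__":
    salt = secrets.token_bytes(16)                   # constructed sample input
    key = derive_key("correct horse battery", salt)  # constructed password
    share, pad = split_key(key)
    print("round trip ok:", recover_key(share, pad) == key)
```
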