TSM does not send client passwords in the clear.  Here's the text from the
TSM concepts redbook.

Because the storage repository of Tivoli Storage Manager is the place where
all
the data of an enterprise are stored and managed, security is a very vital
aspect
for Tivoli Storage Manager. To ensure that data can only be accessed from
the
owning client or an authorized party, Tivoli Storage Manager implements,
for
authentication purposes, a mutual suspicion algorithm, which is similar to
the
methods used by Kerberos authentication.

Whenever a client (backup/archive or administrative) wants to communicate
with
the server, an authentication has to take place. This authentication
contains
both-sides verification, which means that the client has to authenticate
itself to
the server, and the server has to authenticate itself to the client.

To do this, all clients have a password, which is stored at the server side
as well
as at the client side. In the authentication dialog these passwords are
used to
encrypt the communication. The passwords are not sent over the network, to
prevent hackers from intercepting them. A communication session will be
established only if both sides are able to decrypt the dialog. If the
communication
has ended, or if a timeout period without activity is passed, the session
will be
automatically terminated and a new authentication will be necessary.

_____________________________
William Mansfield
Senior Consultant
Solution Technology, Inc
630 718 4238