ADSM-L

Re: How do you secure the passwd in a TSM admin command run a via batch script

2002-02-13 16:34:23
Subject: Re: How do you secure the passwd in a TSM admin command run a via batch script
From: Alex Paschal <AlexPaschal AT FREIGHTLINER DOT COM>
Date: Wed, 13 Feb 2002 13:31:53 -0800
I would assume that if it's important enough, you could write a program (or
find one) that will take a password, encrypt it, and store it in a file.
Then your script could use your program to decrypt the password and store it
in a variable.  Then your script could call your dsmadmc command with
-pa=$password.

Realistically, I've found that almost all of the people with root access to
a server are trusted by their employer.  Additionally, if you disable remote
login as root, so people can only su to root, you can realistically track
who has access to that password.  By putting the password in clear text in a
file that's only readable by root, I feel you've implemented a realistic
level of security.  If you're a government, or if security is
ultra-necessary, or possibly you have legal requirements, I don't see why
implementing your own password encryption scheme wouldn't be feasible.

As an aside, if you store the password in clear text in a root-only file on
the same server your TSM server lives on, you're really not losing any
security because anybody with root access (see the above paragraph) can just
come along and start TSM in the foreground and do whatever they like, such
as registering an admin with system authority.  Just as TSM admins have to
be trusted individuals, your OS people have to be trusted as well.

Alex Paschal
Storage Administrator
Freightliner, LLC
(503) 745-6850 phone/vmail
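
The root-only cleartext file approach from the message above, as an added example that is not part of the original post: a POSIX sh helper that refuses to read the password file unless it is a regular file owned by the invoking user with mode 0400 or 0600, then hands the value to dsmadmc. The function names, the path /root/.tsm_admin_pw and the admin id batchadmin are assumptions.

```sh
#!/bin/sh
# Added example: names, path and admin id below are constructed placeholders.

# Print the password stored on the first line of $1, but only if the file is
# a regular file (not a symlink), owned by the invoking user (root when run
# from root's batch job) and carries no group/other permission bits.
read_tsm_password() {
    pwfile=$1
    if [ -L "$pwfile" ] || [ ! -f "$pwfile" ]; then
        echo "refusing $pwfile: not a regular file" >&2
        return 1
    fi
    # ls -ln: field 1 is the mode string, field 3 the numeric owner uid.
    info=$(ls -ln "$pwfile") || return 1
    mode=${info%% *}
    owner=$(printf '%s\n' "$info" | awk '{print $3}')
    if [ "$owner" != "$(id -u)" ]; then
        echo "refusing $pwfile: owned by uid $owner" >&2
        return 1
    fi
    case $mode in
        -r[w-]-------*) ;;  # 0400 or 0600 only
        *)
            echo "refusing $pwfile: mode $mode is open beyond the owner" >&2
            return 1
            ;;
    esac
    # Accept a file with or without a trailing newline; reject an empty one.
    IFS= read -r pw < "$pwfile" || [ -n "$pw" ] || return 1
    [ -n "$pw" ] || return 1
    printf '%s' "$pw"
}

# Run one administrative command the way the post describes (-pa=$password).
# Defined but not invoked here. While dsmadmc runs, its arguments, including
# -pa=..., are typically visible in process listings on the same host.
tsm_admin() {
    password=$(read_tsm_password /root/.tsm_admin_pw) || return 1
    dsmadmc -id=batchadmin -pa="$password" "$@"
}
```

A batch job would call it as `tsm_admin "query session"`; the job stops before contacting the server if the file's owner or mode has drifted.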