client password leak goalkeeping contingent on server version #723

@d-w-moore

Depending on server version, do a limited amount of checking to ensure that passwords are not sent unencrypted over non-TLS network sockets.

NB:
a. iRODS 4.3.x will allow clients to form unencrypted connections (bare TCP sockets) to implement an authentication exchange (in the pam_password scheme) over which passwords are sent occasionally.
b. iRODS 5 will guard this process on the server end but won't block a rogue client from attempting to send an unencrypted password.
c. For iRODS 6 (or as early as 5.1, see #723 (comment) below), it is anticipated (issue #XXX ?) - in an extra negotiation step to be incorporated into the pam_password scheme - iRODS will implement an extra step to forestall (b).
