in reply to MD5 Password Validation

Ew! I think doing the 22 char test is a valid first step. After all, how many users actually will use a 22 char password? Secondly, for the really paranoid, one could then run a quick dictionary test against it just to ensure. Thirdly, an occasional vgrep of the password data may be needed (darn that very capable human brain!).

But the best answer is, IMHO, educational in nature. Just like you cannot legislate against stupidity, you cannot always program against it either.

UPDATE: You could also have the "admin" function kick off an email or somesuch each time to remind the privileged of their duty to hash. It would be annoying for them, sure. But they could never complain that they didn't know better.

HTH
--
idnopheq
Apply yourself to new problems without preparation, develop confidence in your ability to meet situations as they arise.