The problem here wasn't in returned error code, but in faultly read DBUS
message, due to condition in sss_authtok_set_string.
When password is empty, it passes 0 as length, which is misinterpreted,
and the function tries to determine the length of string by itself,
reaching over boundaries of authtok string.
trac issue:
https://fedorahosted.org/sssd/ticket/1814
Patch is attached
Ondra
--
Ondrej Kos
Associate Software Engineer
Identity Management - SSSD
Red Hat Czech