Ticket 49027 - on secfailure do not store cleartext password content
Bug Description: During development of the pbkdf2 module, I noticed that when
the backend was unable to hash the password content, the password was stored as
{CLEAR}<password> into the database. This may be considered a leak of password
material as we write it clear text to disk.
Fix Description: If the pw_enc callback from the password module returns any
value except 0, we return an unwilling to perform, and generate an error to the
error log. This prevents the leak, and notifies the admin and user of the
issue quickly.
https://fedorahosted.org/389/ticket/49027
Author: wibrown
Review by: nhosoi (Thanks!)