I am using encrypted homes with ecrpytfs on Leap 15.3
At login i am getting the (error) message, that the home could not be mounted, and that i may use "ecryptfs-mount-private" to do so. After doing this and entering the password once again, the home will be mounted.
The expected behaviour would be, to mount the encrypted home at login automagically, as this is the purpose of pam_ecryptfs
For me, it turned out, that the file "/etc/pam.d/common-session-pc" was missing the try_first_pass command.
It looked like:
I am using encrypted homes with ecrpytfs on Leap 15.3 At login i am getting the (error) message, that the home could not be mounted, and that i may use "ecryptfs-mount-private" to do so. After doing this and entering the password once again, the home will be mounted.
The expected behaviour would be, to mount the encrypted home at login automagically, as this is the purpose of pam_ecryptfs
For me, it turned out, that the file "/etc/pam.d/common-session-pc" was missing the try_first_pass command. It looked like:
session optional pam_systemd.so session required pam_limits.so
session required pam_unix.so try_first_pass session optional pam_umask.so
session optional pam_gnome_keyring.so auto_start only_if=gdm,gdm-password,lxdm,lightdm,mdm,sddm session optional pam_ecryptfs.so session optional pam_env.so
I changed the line and added it: session optional pam_ecryptfs.so unwrap try_first_pass
So now, ecryptfs is able to use the stacked password at logon.
I am opening a pull request for this, but as i am not familiar to pam, you may check what to merge.