I am testing these changes in 12.2 RC1. Unfortunately, they don't work.
"ecryptfs-mount-private" works
However, automatic mounting of the private directory on login does not work.
Comparing the pam setup that I had working in 12.1, here is the change that I had to make to get it to work:
--- common-auth-pc 2012/07/13 14:20:58 1.1
+++ common-auth-pc 2012/07/13 14:20:30
@@ -11,7 +11,7 @@
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
-auth required pam_ecryptfs.so unwrap
auth required pam_env.so
auth optional pam_gnome_keyring.so
auth required pam_unix2.so
+auth required pam_ecryptfs.so unwrap
In other words, making that "pam_ecryptfs.so" line the last entry rather than the first fixes the problem. Presumably, something that is done in the other pam calls is prerequisite for ecryptfs to work.
I am testing these changes in 12.2 RC1. Unfortunately, they don't work.
"ecryptfs- mount-private" works
However, automatic mounting of the private directory on login does not work.
Comparing the pam setup that I had working in 12.1, here is the change that I had to make to get it to work:
--- common-auth-pc 2012/07/13 14:20:58 1.1 keyring. so
+++ common-auth-pc 2012/07/13 14:20:30
@@ -11,7 +11,7 @@
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
-auth required pam_ecryptfs.so unwrap
auth required pam_env.so
auth optional pam_gnome_
auth required pam_unix2.so
+auth required pam_ecryptfs.so unwrap
In other words, making that "pam_ecryptfs.so" line the last entry rather than the first fixes the problem. Presumably, something that is done in the other pam calls is prerequisite for ecryptfs to work.
The unmounting at end of session does work okay.