With the help of David Howells here at LCA2010, I actually have a working fix for this.
There's a couple of moving pieces. There's a minor patch to pam_keyinit.so, a small patch to ecryptfs-utils using the session keyring, rather than the user keyring, and adding pam_keyinit.so in the proper places in the pam stack (I think Fedora already has it, however, SELinux might cause some problems).
Stay tuned, I'll commit a fix once I'm satisfied with my testing.
With the help of David Howells here at LCA2010, I actually have a working fix for this.
There's a couple of moving pieces. There's a minor patch to pam_keyinit.so, a small patch to ecryptfs-utils using the session keyring, rather than the user keyring, and adding pam_keyinit.so in the proper places in the pam stack (I think Fedora already has it, however, SELinux might cause some problems).
Stay tuned, I'll commit a fix once I'm satisfied with my testing.
:-Dustin