Okay, so I can now characterize the problem better, and how to reproduce...
On a system using an encrypted private, `mount | grep Private` to check:
1) invoke passwd
2) enter the "correct" current password
3) enter an invalid new password (such as something too simple) 6 times
The system level password will *not* be changed, even though the spurious password change is printed.
However, pam_ecryptfs will be invoked in error, which will rewrap the encrypted passphrase.
This will cause the system login passphrase and the ecryptfs wrapping passphrase to be out-of-sync. The user's ~/Private directory will not be mounted.
Further, "proper" attempts to "fix" the eCryptfs wrapped-passphrase will fail, because the wrapping passphrase and the system passphrase are not the same.
The only way for the user to rectify this problem will be to:
1) set the system password properly using passwd successfully
2) run `ecryptfs_rewrap_passphrase [file] [old wrapping passphrase] [new wrapping passphrase]`
Aaaaaahhhhh...
Okay, so I can now characterize the problem better, and how to reproduce...
On a system using an encrypted private, `mount | grep Private` to check:
1) invoke passwd
2) enter the "correct" current password
3) enter an invalid new password (such as something too simple) 6 times
The system level password will *not* be changed, even though the spurious password change is printed.
However, pam_ecryptfs will be invoked in error, which will rewrap the encrypted passphrase.
This will cause the system login passphrase and the ecryptfs wrapping passphrase to be out-of-sync. The user's ~/Private directory will not be mounted.
Further, "proper" attempts to "fix" the eCryptfs wrapped-passphrase will fail, because the wrapping passphrase and the system passphrase are not the same.
The only way for the user to rectify this problem will be to: rewrap_ passphrase [file] [old wrapping passphrase] [new wrapping passphrase]`
1) set the system password properly using passwd successfully
2) run `ecryptfs_
:-Dustin