Having looked at the code, I think the ecryptfs-utils case is an ecryptfs-utils bug and not a pam bug. The relevant code in pam_ecryptfs is:
    if (!old_passphrase || !new_passphrase) {
        syslog(LOG_WARNING, "eCryptfs PAM passphrase change module "
               "retrieved at least one NULL passphrase; nothing to "
               "do\n");
        goto out;
    }
but this leaves rc as PAM_SUCCESS - since this module is designed to be an optional module, this really ought to return PAM_IGNORE instead for this case.
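
The difference between the two return values, as an added example that is not part of the original comment or of pam_ecryptfs: a simplified model of how Linux-PAM's `required` and `optional` controls combine module results. The enum names stand in for the PAM_* codes, the `fixed` parameter is hypothetical, and the two-module stack is constructed for illustration.

```c
/* Added example: simplified model of a Linux-PAM stack, not pam_ecryptfs code.
 * The enum names are local stand-ins for the PAM_* return codes. */
#include <stdio.h>

enum rc { SUCCESS, IGNORE, AUTHTOK_ERR, PERM_DENIED };
enum control { REQUIRED, OPTIONAL };
struct entry { enum control ctl; enum rc ret; };

/* Passphrase-change path from the comment; `fixed` selects the proposed return. */
static enum rc ecryptfs_chauthtok(const char *old_pw, const char *new_pw, int fixed)
{
    enum rc rc = SUCCESS;
    if (!old_pw || !new_pw) {
        if (fixed) rc = IGNORE;   /* "nothing to do" is not a success */
        goto out;
    }
    /* the real module would rewrap the mount passphrase here */
out:
    return rc;
}

/* required: success=ok, ignore=ignore, default=bad
 * optional: success=ok, default=ignore
 * A stack on which no module made an impression fails. */
static enum rc run_stack(const struct entry *st, size_t n)
{
    enum { UNDEF, POSITIVE, NEGATIVE } impression = UNDEF;
    enum rc status = PERM_DENIED;
    for (size_t i = 0; i < n; i++) {
        enum rc r = st[i].ret;
        if (r == SUCCESS) {
            if (impression == UNDEF) { impression = POSITIVE; status = SUCCESS; }
        } else if (r != IGNORE && st[i].ctl == REQUIRED && impression != NEGATIVE) {
            impression = NEGATIVE; status = r;   /* first required failure sticks */
        }
    }
    return status;
}

/* Constructed stack: one module with nothing to do, then optional pam_ecryptfs. */
static enum rc change_password(int fixed)
{
    struct entry st[] = { { REQUIRED, IGNORE },
                          { OPTIONAL, ecryptfs_chauthtok(NULL, "new", fixed) } };
    return run_stack(st, sizeof st / sizeof st[0]);
}

int main(void)
{
    printf("current: %d  with PAM_IGNORE: %d\n", change_password(0), change_password(1));
    return 0;
}
```

In this model the unmodified return lets the optional module alone turn the stack's result into success, while the PAM_IGNORE return leaves the outcome to the other modules.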