Comment 13 for bug 272232

Steve Langasek (vorlon) wrote :

Having looked at the code, I think the ecryptfs-utils case is an ecryptfs-utils bug and not a pam bug. The relevant code in pam_ecryptfs is:

        if (!old_passphrase || !new_passphrase) {
                syslog(LOG_WARNING, "eCryptfs PAM passphrase change module "
                       "retrieved at least one NULL passphrase; nothing to "
                       "do\n");
                goto out;
        }

but this leaves rc as PAM_SUCCESS - since this module is designed to be an optional module, this really ought to return PAM_IGNORE instead for this case.
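
An added example, not part of the comment above and not ecryptfs-utils or Linux-PAM code: a simplified model of how a PAM stack combines module results, showing why a no-op optional module should return PAM_IGNORE rather than PAM_SUCCESS. The function names, the `rc_when_null` parameter and the one-module stack are hypothetical, and the return codes are local stand-ins so the block builds without the PAM headers.

```c
#include <stddef.h>
#include <stdio.h>

/* Local stand-ins so this builds without the PAM headers. */
enum { PAM_SUCCESS = 0, PAM_PERM_DENIED = 6, PAM_AUTH_ERR = 7, PAM_IGNORE = 25 };
enum control { REQUIRED, OPTIONAL };
struct entry { enum control ctl; int retval; };

/* Hypothetical reduction of the quoted check: rc_when_null is what the
 * module returns when it has nothing to do (PAM_SUCCESS in the quoted code,
 * PAM_IGNORE with the suggested change). */
static int ecryptfs_chauthtok(const char *old_pw, const char *new_pw, int rc_when_null)
{
    if (!old_pw || !new_pw)
        return rc_when_null;
    return PAM_SUCCESS; /* assumed: the passphrase rewrap itself succeeded */
}

/* Simplified stack verdict: required = success=ok, ignore=ignore, default=bad;
 * optional = success=ok, default=ignore. */
static int stack_result(const struct entry *s, size_t n)
{
    int impression = 0; /* 0 undecided, 1 positive, -1 negative */
    int status = PAM_SUCCESS;
    for (size_t i = 0; i < n; i++) {
        int r = s[i].retval;
        if (r == PAM_IGNORE)
            continue;                       /* module has no say */
        if (r == PAM_SUCCESS) {
            if (impression == 0)
                impression = 1;             /* "ok": first positive verdict */
        } else if (s[i].ctl == REQUIRED && impression != -1) {
            impression = -1;                /* "bad": first failure sticks */
            status = r;
        }
    }
    if (status == PAM_SUCCESS && impression != 1)
        status = PAM_PERM_DENIED;           /* nobody vouched for the operation */
    return status;
}

int main(void)
{
    struct entry now[]   = { { OPTIONAL, ecryptfs_chauthtok(NULL, NULL, PAM_SUCCESS) } };
    struct entry fixed[] = { { OPTIONAL, ecryptfs_chauthtok(NULL, NULL, PAM_IGNORE) } };
    printf("PAM_SUCCESS on no-op: stack returns %d\n", stack_result(now, 1));
    printf("PAM_IGNORE on no-op:  stack returns %d\n", stack_result(fixed, 1));
    return 0;
}
```

In this model, a module that did nothing but reports PAM_SUCCESS can be the only positive verdict in the stack; with PAM_IGNORE the outcome is left to the modules that actually acted.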