Comment 1 for bug 1486470

I've actually gotten to the bottom of this. I had two issues:

1) I moved the password optional ecryptfs.so line BELOW the pam_unix.so line (despite what https://wiki.archlinux.org/index.php/ECryptfs says)

2) I realized that the password rewrapper looks for the wrapped-passphrase in /home/user/.ecryptfs rather than /home/.ecryptfs/user/.ecryptfs -- when I made the former a symlink to the latter, rewrapping started working.