You can put the call to 'pam_ecryptfs.so unwrap' before pam_systemd.so in /etc/pam.d/common-session as I mentioned above, but because this is a managed file, you will get a reminder that you modified it every time a package installation makes changes to /etc/pam.d. So a better fix is this:
(as root) in /usr/share/pam-configs/ecryptfs-utils , change "Priority: 0" to "Priority: 150"
then (still as root) run "pam-auth-update --force"
This will update the contents of /etc/pam.d LOSING ANY LOCAL CHANGES YOU MADE, and placing ecryptfs before other services.
The priority change will remain in effect until the next ecryptfs-utils update, unless the developers make the change in the package. But ecrypfs-utils looks like abandonware (last release was in July 2016 despite many bug reports) so that may be a long time coming.
Better alternative to ecryptfs is either to use a luks-encrypted volume/file automounted via libpam-mount, or, once the new pam_e4crypt module is packaged for Debian/Ubuntu, use the new ext4 directory encryption facility.
You can put the call to 'pam_ecryptfs.so unwrap' before pam_systemd.so in /etc/pam. d/common- session as I mentioned above, but because this is a managed file, you will get a reminder that you modified it every time a package installation makes changes to /etc/pam.d. So a better fix is this:
(as root) in /usr/share/ pam-configs/ ecryptfs- utils , change "Priority: 0" to "Priority: 150"
then (still as root) run "pam-auth-update --force"
This will update the contents of /etc/pam.d LOSING ANY LOCAL CHANGES YOU MADE, and placing ecryptfs before other services.
The priority change will remain in effect until the next ecryptfs-utils update, unless the developers make the change in the package. But ecrypfs-utils looks like abandonware (last release was in July 2016 despite many bug reports) so that may be a long time coming.
Better alternative to ecryptfs is either to use a luks-encrypted volume/file automounted via libpam-mount, or, once the new pam_e4crypt module is packaged for Debian/Ubuntu, use the new ext4 directory encryption facility.