Wishlist item. If separate LUKS/dm_crypt volumes are being used for each user's home directory they can be auto-mounted at login using pam_mount by supplying a key file encrypted by the login password via openssl that contains the LUKS/dm_crypt key and specifying it in pam_mount.conf. But there is no mechanism for re-encrypting the key file when the user changes their password resulting in them being left in the empty home mount directory on their next login. While auto-mounting an encrypted volume via a generally weak login password reduces it's effectiveness, this can be mitigated somewhat by storing the keys somewhere like /etc/keys/dm_crypt with 700 permissions and root ownership, increasing the default minimum password length to something >6 characters, and using an encrypted root volume. This setup is important for easing security implementation on laptops.