- Dynamic home directory creation is not specific to ecryptfs and should not be part of an encryptfs-specific pam config; there is an existing mkhomedir profile to use for this.
- The /etc/security/ecryptfs script is not very reusable, it encodes your local policy preference to enable ecryptfs for all users logging in. It's also insecure, at a minimum because you are passing passwords to a program as commandline arguments, which are visible to all other users on the system.
nack for the pam changes.
- Dynamic home directory creation is not specific to ecryptfs and should not be part of an encryptfs-specific pam config; there is an existing mkhomedir profile to use for this. ecryptfs script is not very reusable, it encodes your local policy preference to enable ecryptfs for all users logging in. It's also insecure, at a minimum because you are passing passwords to a program as commandline arguments, which are visible to all other users on the system.
- The /etc/security/