We do wait to start the session until PAM authorizes us. But it's true that lightdm apparently likes to reach into the user's home directory before PAM authorizes us.
I tested by forcing lightdm to treat "/tmp" as the user's home directory and this problem went away. So what I think is happening is that lightdm opens a file in /home/user and that prevents the ecryptfs mount from happening...
We do wait to start the session until PAM authorizes us. But it's true that lightdm apparently likes to reach into the user's home directory before PAM authorizes us.
I tested by forcing lightdm to treat "/tmp" as the user's home directory and this problem went away. So what I think is happening is that lightdm opens a file in /home/user and that prevents the ecryptfs mount from happening...