Comment 19 for bug 362427

I don't think the workaround in #12 is practically useful unless you want to disallow password-based logins. The password is needed anyway to unlock the ecryptfs key, so imho typing it in once on first login is way easier than authenticating via public key and then manually unlocking the encrypted home. Especially since key based authentication works fine on subsequent sessions i.e. if the user is already logged in at least once and the home directory is therefore unlocked.