Using ecryptfs-utils and pam configuration files.
--- /dev/null
+# Begin /etc/pam.d/system-auth
+
+auth required pam_unix.so
+auth optional pam_ecryptfs.so unwrap
+
+# End /etc/pam.d/system-auth
--- /dev/null
+# Begin /etc/pam.d/system-password
+
+password optional pam_ecryptfs.so
+
+# use sha512 hash for encryption, use shadow, and try to use any previously
+# defined authentication token (chosen password) set by any prior module
+password required pam_unix.so sha512 shadow try_first_pass
+
+# End /etc/pam.d/system-password
--- /dev/null
+# Begin /etc/pam.d/system-session
+
+session required pam_unix.so
+session optional pam_ecryptfs.so unwrap
+
+# End /etc/pam.d/system-session
# setreuid: Operation not permitted
# ERROR: Could not mount private ecryptfs directory
chmod +s /sbin/mount.ecryptfs_private
+
+ install -v -m644 ${SCRDIR}/misc/ecryptfs-pam.d/* /etc/pam.d/
}