This line of action worked well in one computer of mine with Ubuntu 14.04. I name first password the previous one where all worked seamlessly, and second password the current one that gives you hassles with encryption.
Note that Linux uses the word password whereas ecryptfs uses the word passphrase -- one difference is that a passphrase accepts spaces. Nowadays the difference between the two is blurred, since modern passwords accept spaces too, while the old naming persists. It's useful though to keep in check what you are talking with.
An important difference within ecryptfs is that between the login passphrase and the mount passphrase. Here we are interested in the login passphrase.
The starting point of this post is that first login passphrase = first login password. To view the mount passphrase out of curiosity, launch `ecryptfs-unwrap-passphrase` -- you'll be asked the login passphrase to move on (and keep that mount passphrase safe elsewhere for good measure, if you haven't done so yet).
Mount the encrypted home
- go to terminal with CTRL+ALT+F1
- login with the user whose encrypted home is not accessible (with second login password)
- `ecryptfs-mount-private`, note without `sudo` (else I get a
- type in the first encryption passphrase (the first login password, because they were the same)
- check that the home directory has been unencrypted (with a `ls`-type command). If not, there is some other problem at play.
Reverse the change of login password
- make the login password the same as the first encryption passphrase with a plain `passwd` command. Crucially, no `sudo` again. At this point the login password becomes the first one again, and the login password and login passphrase are the same again.
Give the second value to the login password
- use again a plain `passwd` command to set the second login password. Crucially, no `sudo` again. At this point, ecryptfs will have updated the passphrase with the value given to `passwd`. This does not work if you use `sudo passwd`. Step 6 was necessary because successive passwords must be different.
At next reboot the desktop environment should allow you to log in seamlessly by chaining the decryption into the accreditation process, since password and passphrase are the same (having the second value).
Next time you want to change password and passphrase, log in as the user owning the encrypted home and use `passwd`, rather than `sudo passwd` -- source: http://bodhizazen.com/Tutorials/Ecryptfs/
Another attempt, resorting to `ecryptfs-rewrap-passphrase`, resulted in the deletion of encryption (data are preserved though), so I discourage that (issue https://unix.stackexchange.com/questions/329661, please be aware and help out if possible)
This happened to me tonight. It happens when you change your user password, but not your encryption passphrase. They are usually in sync.
To fix this, simply run:
It will prompt you for your old passphrase, then allow you to enter a new one. Then, you will be able to log in normally.
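A simplified Python model of the login passphrase wrapping the mount passphrase, added here as an illustration and not part of either answer above or of eCryptfs's own code. It shows why a root-run password change leaves the two out of sync and why two plain `passwd` runs bring them back together. The toy cipher, the `Account` class and its method names are assumptions, not the real wrapped-passphrase format or PAM module.

```python
import hashlib, hmac, os

def _keys(passphrase, salt):
    # Derive separate encryption and MAC keys from the login passphrase.
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000, dklen=64)
    return k[:32], k[32:]

def _xor(key, data):
    # Toy keystream (SHA-256 in counter mode) standing in for a real cipher.
    ks = b"".join(hashlib.sha256(key + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def wrap(mount_passphrase, login_passphrase):
    salt = os.urandom(16)
    enc, mac = _keys(login_passphrase, salt)
    ct = _xor(enc, mount_passphrase.encode())
    return salt + hmac.new(mac, ct, "sha256").digest() + ct

def unwrap(blob, login_passphrase):
    salt, tag, ct = blob[:16], blob[16:48], blob[48:]
    enc, mac = _keys(login_passphrase, salt)
    if not hmac.compare_digest(tag, hmac.new(mac, ct, "sha256").digest()):
        raise ValueError("login passphrase does not unwrap this file")
    return _xor(enc, ct).decode()

class Account:  # hypothetical model of one user with an encrypted home
    def __init__(self, password, mount_passphrase):
        self.password = password
        self.wrapped = wrap(mount_passphrase, password)

    def passwd(self, old, new):
        # User-run change: the old password is supplied, so re-wrapping is tried.
        if old != self.password or new == old:
            raise ValueError("old password wrong, or new equals old")
        try:
            self.wrapped = wrap(unwrap(self.wrapped, old), new)
        except ValueError:
            pass  # assumption: a failed unwrap leaves the wrapped file as it was
        self.password = new

    def sudo_passwd(self, new):
        # Root-run change: old password never supplied, wrapped file untouched.
        self.password = new

    def login_unlocks_home(self):
        try:
            return unwrap(self.wrapped, self.password) is not None
        except ValueError:
            return False
```

In this model, after `sudo_passwd` only the first password still unwraps the mount passphrase; `passwd` back to the first value realigns login password and wrapping passphrase, and the next `passwd` re-wraps under the second value.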