To have an encrypted home partition (encrypted with, for example, LUKS or ecryptfs) mounted automatically when logging in, you can use pam_mount. It will mount your /home (or whatever mount point you like) when you log in using your login manager or when logging in on console. The encrypted drive's passphrase should be the same as your linux user's password, so you do not have to type in two different passphrases to login.
- Install Template:Package AUR from the AUR
- Edit /etc/security/pam_mount.conf.xml as follows:
Insert 2 new lines at the end of the file, but before the last closing tag, </pam_mount>. Notes:
- USERNAME should be replaced with your linux-username.
- /dev/sdaX should be replaced with the corresponding device.
- fstype="crypt" can be changed to any <type> that is present in /sbin/mount.<type>. Try "auto" if in doubt.
- Add mount options, if needed.
Login Manager Configuration
In general, you have to edit configuration files in /etc/pam.d so that pam_mount will be called on login. The correct order of entries in each file is important. It is probably necessary to change both /etc/pam.d/login and the file for your display manager (e.g., Slim or GDM). Example configuration files follow, with the added lines in bold.
Note that the configuration file has changed to be /etc/pam.d/gdm-password (instead of /etc/pam.d/gdm) as of GDM version 3.2.