Prevent eCryptfs from asking for passphrase
For transparent usage it installs its own PAM module: When you log in your password can be used to automatically decrypt your files. You can also use a different passphrase to improve security even more.
But this shows an annoying behavior, as you also get asked for that additional passphrase when you use
sudo or other tools.
I (temporarily) fixed this by changing my
/etc/pam.d/common-auth to use pam_succeed_if like this:
auth [default=1 success=ignore] pam_succeed_if.so service notin sudo:polkit-1 auth optional pam_ecryptfs.so unwrap
This skips the call to
pam_ecryptfs if the service is either
PolicyKit-1, which is used by the update service.