Comment 35 for bug 307019

Yes, we have no way to avoid breaking eCryptfs if we don't have the original password. Anyway, if the admin was able to provide it, we could'nt use it because either we run 'passd' as root, and old password is not asked for, or we run it as a standard user, and changing password for someone else is not allowed. Best solution would be that a GUI asks the user for its old password on next login.

For the error messages, please have a look at the permissions of the user's home dir. I don't think the eCryptfs issue could lock out an user *as long as its home dir isn't fully encrypted* (which you don't explain). So permissions may be the real problem here, not eCryptfs. Definitely worth a new report.