Document pam_passphrase weirdness #51

Closed
josephlr opened this issue Aug 30, 2017 · 1 comment

Comments

@josephlr
Member

By default, protectors with type pam_passphrase have their metadata stored at the filesystem root. This is to make sure the login protectors are updated when the user's passphrase changes.

This can be unexpected, as metadata is normally stored entirely on the filesystem containing the encrypted directory. The current documentation/man pages should note how this works.

Reported as part of #50
Tracked with #10

@jnvsor

jnvsor commented Jan 23, 2019

> By default, protectors with type pam_passphrase have their metadata stored at the filesystem root.

You said 'By default' - is it possible to force it to put the protector on the same partition? If this isn't possible, should I add a feature request?

PS: The readme is rather inconsistent concerning pam_passphrase:

> As noted above and in the troubleshooting below, fscrypt cannot (yet) detect when your login passphrase changes. So if you protect a directory with your login passphrase, you may have to do additional work when you change your system passphrase.

> The PAM module provided by fscrypt (pam_fscrypt.so) should automatically detect changes to a user's login passphrase so that they can still access their encrypted directories.
