If you encrypt your startup volume, then decryption occurs before the normal login screen, and requires a local account in order to get at the volume's encryption key. This could however be done by providing a single local account for the purposes of decryption only. Once decrypted, the user can login normally.
If you encrypt other disks, then when you login you will receive a prompt asking for the password to these so that CoreStorage can unlock them. At this point the key (once entered) can be stored in a Keychain which, for the paranoid, can have its own password, auto-lock settings etc. as desired.
To encrypt drives other than your Time Machine disk, you have to use the Terminal via
the diskutil command, the section you want is the coreStorage/cs commands, these allow you to convert a disk to CoreStorage (may have to erase it in the process) and set any encryption key you like. I dunno if there are any good GUI's for it, Disk Utility is supposed to be able to do it for you but I couldn't get it to work on some disks, and those that did had to be erased (which the terminal command can sometimes avoid), it also has a buggy password field which makes it difficult to set a decently secure password such as a randomly generated one.
Personally I'd recommend leaving the startup volume unencrypted and only keep the OS on it, then create a separate partition for encrypted data, this way you can just store its key in your keychain. An OS-only volume should be perfectly safe to leave unencrypted in terms of its data content, unless you're scared about someone accessing the machine to tamper with the OS in which case encrypting it is probably a good idea, and can be done with a single local user account.
