Issues with Handling Shared Home Directories
When using a shell-based scan (for more information about the different types of scans, see Choosing the Best Scan Method), Key Manager is unable to distinguish whether a key is located on a network file server. When multiple servers share a user's home directory that is located on a file server, the shell-based scan does not see that the keys are not local, but determines that they are shared.
This causes an issue when Key Manager is used to change a key located on one server: during the next shell-based scan, Key Manager sees the change as a local modification on all other servers that share that same home directory. As NFS shares are often configured on thousands of servers, this results in thousands of missing, appeared, or locally modified keys, depending on the action taken.
Any key action performed on one server may have an immediate unintended impact on all users on the other servers that share the particular home directory. For example, removing a key located in an NFS home directory because it is unused on one server immediately makes the key unavailable on all other servers that share that home directory. If that key is used for automation tasks on another server, this causes an immediate halt in the workflow.
It's important to note that these implications of shared NFS home directories typically involve default SSH configurations. By default, the user's home directory is the path from which the SSH client and server look for private keys and authorized keys. For information about how to solve this using Key Manager, see Solution to Shared Home Directory Issues.
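
A pre-check an administrator could run before a key action, as an added example that is not part of the original page or of Key Manager: it resolves which mount a key file lives on and reports whether that filesystem is network-backed, so a change there would be seen by every server mounting the same home directory. The function names, the sample mount table and the list of network filesystem types are assumptions made for illustration.

```shell
# Constructed sample in /proc/mounts format: device, mount point, type, options.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
filer01:/export/home /home/shared nfs4 rw,vers=4.2 0 0
tmpfs /run tmpfs rw,nosuid 0 0'

# fs_type_for PATH [MOUNT_TABLE]: print the filesystem type of the longest
# mount point containing PATH (mount points with escaped spaces are not handled).
fs_type_for() {
    awk -v p="$1" '
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # >= so a later mount on the same mount point wins
                if (length(mp) >= best) { best = length(mp); type = $3 }
            }
        }
        END { print (type == "" ? "unknown" : type) }
    ' "${2:-/proc/mounts}"
}

# is_network_fs TYPE: succeed for filesystem types served over the network.
# Illustrative, non-exhaustive list; extend it for the environment in use.
is_network_fs() {
    case "$1" in
        nfs*|cifs|smb3|afs|ceph|lustre|9p|fuse.sshfs) return 0 ;;
        *) return 1 ;;
    esac
}

# classify_keyfile PATH [MOUNT_TABLE]: print "shared (<type>)" or "local (<type>)".
classify_keyfile() {
    fstype=$(fs_type_for "$1" "$2")
    if is_network_fs "$fstype"; then echo "shared ($fstype)"; else echo "local ($fstype)"; fi
}

# Demo on the constructed table; on a real host omit the second argument.
demo_table=$(mktemp)
printf '%s\n' "$SAMPLE_MOUNTS" > "$demo_table"
for f in /home/shared/alice/.ssh/authorized_keys /home/bob/.ssh/authorized_keys; do
    printf '%s: %s\n' "$f" "$(classify_keyfile "$f" "$demo_table")"
done
rm -f "$demo_table"
```

A key file reported as shared should be treated as a single object affecting every host that mounts that export, not as a per-server key.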