
NFS and Sharing Awareness

Offline scans and script-based scans can distinguish users and keys located on network directories/shares.

On the Users, Authorized keys and Private keys pages, the following filters and columns show the sharing status:

  • Users: Home dir sharing.

  • Authorized keys: Key sharing and Authorization file sharing (relates only to Tectia).

  • Private keys: Key sharing and Public key sharing.

The sharing status can have the following values:

  • local: The key resides in the user's locally shared home directory.
  • remote: The home directory, or the directory the key resides in, is mounted either via NFS or via automounter.
  • unable to detect/unknown: Key Manager is unable to determine if the directory is shared or not.
  • no: Sharing status was checked, and the result was neither local, remote, nor unknown.
  • empty/blank results: Default value. Sharing status was not checked, because an unsupported scan method was used.

A Key Manager administrator can disable key actions for shared keys on the Settings → General → Host page by choosing Yes in Deny actions on shared keys. Disabling key actions affects the following actions and jobs:

  • key removal: remove-authorized-key, remove-private-key, remove-private-key-backup

  • set options: set-authorized-key-options

  • adding a new authorized key: add-authorized-key

  • private key generation: generate-user-private-key, generate-private-key

  • private key passphrase: set-private-key-passphrase

  • restore: restore-private-key

  • key relocation: relocate-user-keys-host

  • renew: renew-private-key

If a Key Manager administrator has denied actions on shared keys, and the sharing status is either local or remote, trying to start the job will return a failure. For more information on Key Manager job types, see Key Manager Job Types.
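The sharing status values and the deny rule above, as an added example that is not Key Manager's own code: it classifies a key path as remote when the mount covering it in a /proc/mounts-style table is NFS or autofs, then applies the deny rule to the result. The function names, the list of file system types and the sample mount table are assumptions made for illustration, and the local status is not detected here.

```python
import posixpath
import re

REMOTE_FSTYPES = {"nfs", "nfs4", "autofs"}  # assumption: types treated as "remote"

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return [(mount_point, fstype)] from /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3:
            mounts.append((posixpath.normpath(_unescape(parts[1])), parts[2]))
    return mounts

def sharing_status(path, mounts_text):
    """Classify a key path as 'remote', 'no' or 'unknown' (hypothetical helper)."""
    path = posixpath.normpath(path)
    best = None
    for mount_point, fstype in parse_mounts(mounts_text):
        prefix = mount_point.rstrip("/") + "/"
        if path == mount_point or path.startswith(prefix):
            # longest mount point wins; on a tie the later (stacked) mount wins
            if best is None or len(mount_point) >= len(best[0]):
                best = (mount_point, fstype)
    if best is None:
        return "unknown"  # no covering mount found, so sharing cannot be decided
    return "remote" if best[1] in REMOTE_FSTYPES else "no"

def job_allowed(status, deny_actions_on_shared_keys):
    """Deny rule from the text: a job fails only for local or remote keys."""
    return not (deny_actions_on_shared_keys and status in ("local", "remote"))

# Constructed sample mount table (not captured from a real host)
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/etc/auto.home /home autofs rw,relatime,fd=6,indirect 0 0
filer.example.com:/export/home/alice /home/alice nfs4 rw,vers=4.2 0 0
/dev/sdb1 /srv/local\\040keys xfs rw 0 0
"""

if __name__ == "__main__":
    for p in ("/home/alice/.ssh/authorized_keys", "/root/.ssh/id_ed25519"):
        s = sharing_status(p, SAMPLE_MOUNTS)
        print(p, s, job_allowed(s, True))
```

On a live Linux host the same function can be fed the contents of /proc/mounts instead of the constructed table.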