When using en_IN locale, ipa-adtrust-install fails, as well as ipa-server-upgrade after trust is established. This is due to klist -t using localized timestamp output which, in case of en_IN locale, is using T as a separate rather than a space in other locales. As result, klist output has fewer fields and a code that parses klist output fails:
ipa-adtrust-install
ipa-server-upgrade
klist -t
T
klist
2019-09-09T06:32:56Z DEBUG stdout=<REDACTED> 2019-09-09T06:32:56Z DEBUG stderr= 2019-09-09T06:32:56Z DEBUG File "/usr/lib/python3.6/site-packages/ipaserver/install/installutils.py", line 746, in run_script return_value = main_function() File "/usr/sbin/ipa-adtrust-install", line 213, in main adtrust.install(True, options, fstore, api) File "/usr/lib/python3.6/site-packages/ipaserver/install/adtrust.py", line 425, in install result = ad_update() File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 1480, in __call__ return self.execute(**options) File "/usr/lib/python3.6/site-packages/ipaserver/install/plugins/adtrust.py", line 788, in execute hostkeys = self.extract_key_refs(paths.KRB5_KEYTAB) File "/usr/lib/python3.6/site-packages/ipaserver/install/plugins/adtrust.py", line 756, in extract_key_refs els[5] = els[5].strip('()') 2019-09-09T06:32:56Z DEBUG The ipa-adtrust-install command failed, exception: IndexError: list index out of range
Since we don't really need the timestamp output, avoid using klist -t.
Note that the reason why T appears in the output is due to a logic in MIT Kerberos' krb5_timestamp_to_sfstring() which has a set of formatting methods to fit into a specified buffer length. It looks like T-spaced variants are the first ones that actually fit:
krb5_timestamp_to_sfstring()
static const char * const sftime_format_table[] = { "%c", /* Default locale-dependent date and time */ "%d %b %Y %T", /* dd mon yyyy hh:mm:ss */ "%x %X", /* locale-dependent short format */ "%x %T", /* locale-dependent date + hh:mm:ss */ "%x %R", /* locale-dependent date + hh:mm */ "%Y-%m-%dT%H:%M:%S", /* ISO 8601 date + time */ "%Y-%m-%dT%H:%M", /* ISO 8601 date + hh:mm */ "%Y%m%d%H%M%S", /* ISO 8601 date + time, basic */ "%Y%m%d%H%M" /* ISO 8601 date + hh:mm, basic */ }; static const unsigned int sftime_format_table_nents = sizeof(sftime_format_table)/sizeof(sftime_format_table[0]); tmp = localtime_r(×tamp2, &tmbuf); if (tmp == NULL) return errno; ndone = 0; for (i=0; i<sftime_format_table_nents; i++) { if ((ndone = strftime(buffer, buflen, sftime_format_table[i], tmp))) break; }
buflen here is something that is based on a current environment and is calculated automatically so that a timestamp fits into 15-20 characters at a start of klist.
And this is a reason why %c is not enough in en_IN locale (or C):
%c
$ for i in en_US en_IN C ; do echo $i && LC_TIME=$i locale -k date_fmt ; done en_US date_fmt="%a %d %b %Y %r %Z" en_IN date_fmt="%a %b %e %H:%M:%S %Z %Y" C date_fmt="%a %b %e %H:%M:%S %Z %Y"
master:
ipa-4-8:
Metadata Update from @abbra: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1750242
Issue linked to Bugzilla: Bug 1750242
Login to comment on this ticket.