Problem:On RHEL 5 systems running the CentrifyDC agent, it is noticed that in the syslogs (
/var/log/messages) and Centrify debug logs (
/var/log/centrifydc.log), that
adcert will log in UTC time instead of the local time of the system.
Snippet from
/var/log/centrifydc.log showing timestamps starting with 15:00 (EDT) and then switching to 19:00 (UTC)
Sep 1 15:00:02 engcen adcert[11234]: DEBUG cli.adcert certificate EC public key matches private key
Sep 1 15:00:02 engcen adcert[11234]: DEBUG cli.adcert certificate and private key exist on computer
Sep 1 15:00:02 engcen adcert[11234]: DEBUG lrpc.adobject key not in dictionary: revision
Sep 1 15:00:02 engcen adcert[11234]: DEBUG lrpc.adobject key not in dictionary: pKIOverlapPeriod
Sep 1 15:00:02 engcen adcert[11234]: DEBUG lrpc.adobject key not in dictionary: pKIExpirationPeriod
Sep 1 19:00:02 engcen adcert[11234]: DEBUG cli.adcert expiration is Tue
Sep 1 19:00:02 engcen adcert[11234]: DEBUG cli.adcert using OCSP url
Sep 1 19:00:02 engcen adcert[11234]: DEBUG cli.adcert trying certificate
Sep 1 19:00:02 engcen adcert[11234]: DEBUG cli.adcert ocsp: issuer certificate:
Sep 1 19:00:02 engcen adcert[11234]: DEBUG cli.adcert certificate is valid
Cause:The adcert CLI, as a syslog client, writes log directly to syslogd.
On RHEL 5 systems, the syslog timestamp is affected by the TZ env variable (on the client side)
When TZ is not in env, the default timezone (/etc/localtime) will be used.
Workaround:As root, edit the following file:
/usr/share/centrifydc/mappers/machine/certgp.pl
Find this line:
# c_rehash needs this environment variable for openssl binary
$ENV{OPENSSL} = $openssl;
Add the below entry, after that line:
$ENV{TZ} = "/etc/localtime";
The content should now be:
# c_rehash needs this environment variable for openssl binary
$ENV{OPENSSL} = $openssl;
$ENV{TZ} = "/etc/localtime";
The next time
adcert is invoked by the Group Policy scripts, it should write to syslog with local time instead of UTC time.