I pulled a magic trick from a hat.
I put Kerberos 5 using FreeIPA on a Raspberry Pi 3 B.
It's an inexpensive box that does one thing only, issuing tickets. I modified the 60 second timeout to 2000 seconds, and it completed the install. Here is the next issue that I am not understanding all that well this time around.
On the Web UI, it fails on one tab, Authentication -> Certificates.
[Tue May 19 22:02:02.578593 2020] [wsgi:error] [pid 1364:tid 2941485888] [remote IP.119:53807] ipa: INFO: [jsonserver_session] admin@ARONETICS.COM: user_find(None, version='2.236', no_members=True): SUCCESS</br>
[Tue May 19 22:02:05.062481 2020] [:warn] [pid 2099:tid 2494501696] [client IP.119:53807] failed to set perms (3140) on file (/run/ipa/ccaches/admin@ARONETICS.COM)!, referer: https://flash.aronetics.com/ipa/ui/
[Tue May 19 22:02:06.382009 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] ipa: ERROR: non-public: OverflowError: timestamp out of range for platform time_t
[Tue May 19 22:02:06.382180 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] Traceback (most recent call last):
[Tue May 19 22:02:06.382248 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] File "/usr/lib/python3.7/site-packages/ipaserver/rpcserver.py", line 368, in wsgi_execute
[Tue May 19 22:02:06.382269 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] result = command(*args, **options)
[Tue May 19 22:02:06.382288 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] File "/usr/lib/python3.7/site-packages/ipalib/frontend.py", line 450, in __call
[Tue May 19 22:02:06.382307 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] return self.__do_call(*args, **options)
[Tue May 19 22:02:06.382324 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] File "/usr/lib/python3.7/site-packages/ipalib/frontend.py", line 478, in __do_call
[Tue May 19 22:02:06.382343 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] ret = self.run(*args, **options)
[Tue May 19 22:02:06.382361 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] File "/usr/lib/python3.7/site-packages/ipalib/frontend.py", line 800, in run
[Tue May 19 22:02:06.382379 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] return self.execute(*args, **options)
[Tue May 19 22:02:06.382397 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] File "/usr/lib/python3.7/site-packages/ipaserver/plugins/cert.py", line 1835, in execute
[Tue May 19 22:02:06.382415 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] **options)
[Tue May 19 22:02:06.382433 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] File "/usr/lib/python3.7/site-packages/ipaserver/plugins/cert.py", line 1701, in _ca_search
[Tue May 19 22:02:06.382453 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] convert_pkidatetime(obj['valid_not_after']))
[Tue May 19 22:02:06.382471 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] File "/usr/lib/python3.7/site-packages/ipaserver/plugins/cert.py", line 257, in convert_pkidatetime
[Tue May 19 22:02:06.382490 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] value = datetime.datetime.fromtimestamp(int(value) // 1000)
[Tue May 19 22:02:06.382508 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] OverflowError: timestamp out of range for platform time_t
[Tue May 19 22:02:06.383531 2020] [wsgi:error] [pid 1363:tid 2941485888] [remote IP.119:53807] ipa: INFO: [jsonserver_session] admin@ARONETICS.COM: cert_find(None, version='2.236'): InternalError
[root@flash ~]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa: INFO: The ipactl command was successful
I have to modify either the sytemd environment which is a bit dangerous (imho?!) or extend this timeout.