return updatedAt, errServerNotInitialized
	}

	if !auth.IsAccessKeyValid(accessKey) {
		return updatedAt, auth.ErrInvalidAccessKeyLength
	}

	if auth.ContainsReservedChars(accessKey) {
		return updatedAt, auth.ErrContainsReservedChars
	}

	if !auth.IsSecretKeyValid(ureq.SecretKey) {
		return updatedAt, auth.ErrInvalidSecretKeyLength
	}

	case accountName == globalActiveCred.AccessKey || newGlobalAuthZPluginFn() != nil:
		// For owner account and when plugin authZ is configured always set
		// effective policy as `consoleAdmin`.
		//
		// In the latter case, we let the UI render everything, but individual
		// actions would fail if not permitted by the external authZ service.
		for _, policy := range policy.DefaultPolicies {
			if policy.Name == "consoleAdmin" {

		return updatedAt, errIAMActionNotAllowed
	}

	uinfo := newUserIdentity(auth.Credentials{
		AccessKey: accessKey,
		SecretKey: cred.SecretKey,
		Status: func() string {
			switch string(status) {
			case string(madmin.AccountEnabled), string(auth.AccountOn):
				return auth.AccountOn
			}
			return auth.AccountOff
		}(),
	})

	// set to 'true' when testing is invoked
	globalIsTesting = true

	globalIsCICD = globalIsTesting

	globalActiveCred = auth.Credentials{
		AccessKey: auth.DefaultAccessKey,
		SecretKey: auth.DefaultSecretKey,
	}

	globalNodeAuthToken, _ = authenticateNode(auth.DefaultAccessKey, auth.DefaultSecretKey)

	// disable ENVs which interfere with tests.
	for _, env := range []string{
		crypto.EnvKMSAutoEncryption,

sasl             (on|off)    set to 'on' to enable SASL authentication
tls              (on|off)    set to 'on' to enable TLS
tls_skip_verify  (on|off)    trust server TLS without verification, defaults to "on" (verify)
client_tls_cert  (path)      path to client certificate for mTLS auth
client_tls_key   (path)      path to client key for mTLS auth

        // Create authentication context - try guest auth first for broader compatibility
        try {
            NtlmPasswordAuthentication auth = new NtlmPasswordAuthentication(SingletonContext.getInstance(), WORKGROUP, USERNAME, PASSWORD);
            context = SingletonContext.getInstance().withCredentials(auth);
        } catch (Exception e) {

labels.spnego_login_client_module=Login Client Module
labels.spnego_login_server_module=Login Server Module
labels.spnego_preauth_username=Pre-Auth Username
labels.spnego_preauth_password=Pre-Auth Password
labels.spnego_allow_basic=Allow Basic Auth
labels.spnego_allow_unsecure_basic=Allow Unsecure Basic Auth
labels.spnego_prompt_ntlm=Prompt NTLM
labels.spnego_allow_localhost=Allow Localhost
labels.spnego_allow_delegation=Allow Delegation

labels.spnego_login_client_module=Login Client Module
labels.spnego_login_server_module=Login Server Module
labels.spnego_preauth_username=Pre-Auth Username
labels.spnego_preauth_password=Pre-Auth Password
labels.spnego_allow_basic=Allow Basic Auth
labels.spnego_allow_unsecure_basic=Allow Unsecure Basic Auth
labels.spnego_prompt_ntlm=Prompt NTLM
labels.spnego_allow_localhost=Allow Localhost
labels.spnego_allow_delegation=Allow Delegation

labels.spnego_login_client_module=Login Client Module
labels.spnego_login_server_module=Login Server Module
labels.spnego_preauth_username=Pre-Auth Username
labels.spnego_preauth_password=Pre-Auth Password
labels.spnego_allow_basic=Allow Basic Auth
labels.spnego_allow_unsecure_basic=Allow Unsecure Basic Auth
labels.spnego_prompt_ntlm=Prompt NTLM
labels.spnego_allow_localhost=Allow Localhost
labels.spnego_allow_delegation=Allow Delegation

labels.spnego_login_client_module=Login Client Module
labels.spnego_login_server_module=Login Server Module
labels.spnego_preauth_username=Pre-Auth Username
labels.spnego_preauth_password=Pre-Auth Password
labels.spnego_allow_basic=Allow Basic Auth
labels.spnego_allow_unsecure_basic=Allow Unsecure Basic Auth
labels.spnego_prompt_ntlm=Prompt NTLM
labels.spnego_allow_localhost=Allow Localhost
labels.spnego_allow_delegation=Allow Delegation