return true
	}
	if !o.Recursive && !entry.isInDir(o.Prefix, o.Separator) {
		return true
	}
	if !o.InclDeleted && entry.isObject() && entry.isLatestDeletemarker() && !entry.isObjectDir() {
		return true
	}
	if o.Lifecycle != nil || o.Replication.Config != nil {
		return triggerExpiryAndRepl(ctx, *o, entry)
	}
	return false
}

					return true
				default:
					return false
				}
			}

			var versionsFound int
			if err = set.listObjectsToDecommission(ctx, bi, func(entry metaCacheEntry) {
				if !entry.isObject() {
					return
				}

				// `.usage-cache.bin` still exists, must be not readable ignore it.
				if bi.Name == minioMetaBucket && strings.Contains(entry.name, dataUsageCacheName) {

        @DisplayName("getUserDomain: derives from KerberosPrincipal in Subject")
        void getUserDomain_fromSubjectPrincipal() {
            Subject subject = new Subject();
            Principal kp = new KerberosPrincipal("******@****.***");
            subject.getPrincipals().add(kp);

            Kerb5Authenticator auth = new Kerb5Authenticator(subject);
            assertEquals("EXAMPLE.COM", auth.getUserDomain());
        }

import org.mockito.MockitoAnnotations;

/**
 * Test class for KerberosCredentials.
 */
class KerberosCredentialsTest {

    @Mock
    private LoginContext loginContext;

    @Mock
    private Subject subject;

    @Mock
    private KerberosKey key1;

    @Mock
    private KerberosKey key2;

    private static final String LOGIN_CONTEXT_NAME = "TestLoginContext";
    private static final int KEY_TYPE_1 = 1;

        private final boolean guest;
        private final Subject subject;
        private final boolean failOnRefresh;

        TestCredentials(String domain, boolean anonymous, boolean guest, Subject subject, boolean failOnRefresh) {
            this.domain = domain;
            this.anonymous = anonymous;
            this.guest = guest;
            this.subject = subject;
            this.failOnRefresh = failOnRefresh;
        }

        Subject presetSubject = new Subject();
        orig.setSubject(presetSubject);

        // Try to get a Subject, but handle the case where JAAS may not be configured
        Subject first = orig.getSubject();
        // In test environments, getSubject() may return null if JAAS is not configured
        // This is acceptable behavior - the test should focus on the cloning logic

        // Clone and verify basic fields copied

                }
            }
        }

        return serverKey;
    }

    /**
     * Returns the authenticated JAAS Subject.
     *
     * @return the authenticated Subject
     */
    public Subject getSubject() {
        return this.subject;
    }

            throw new SmbException("Context setup failed", e);
        }
    }

    /**
     * Set the Kerberos subject
     *
     * @param subject
     *            the subject to set
     */
    protected void setSubject(Subject subject) {
        this.subject = subject;
    }

    @Override
    public void refresh() throws CIFSException {

            }
            lc.login();

            Subject s = lc.getSubject();
            if (log.isDebugEnabled()) {
                log.debug("Got subject: " + s.getPrincipals());
            }
            if (log.isTraceEnabled()) {
                log.trace("Got subject " + s);
            }

            this.cachedSubject = s;
            return this.cachedSubject;

    SSPContext createContext(CIFSContext tc, String targetDomain, String host, byte[] initialToken, boolean doSigning) throws SmbException;

    /**
     * Get the security subject associated with these credentials.
     * @return subject associated with the credentials
     */
    Subject getSubject();

    /**
     * Refresh the credentials.
     * @throws CIFSException if refresh fails
     */
    void refresh() throws CIFSException;