// Colorize the message and print.
	logger.Info(color.Blue("API: ") + color.Bold(fmt.Sprintf("%s ", apiEndpointStr)))
	if color.IsTerminal() && (!globalServerCtxt.Anonymous && !globalServerCtxt.JSON && globalAPIConfig.permitRootAccess()) {
		logger.Info(color.Blue("   RootUser: ") + color.Bold("%s ", cred.AccessKey))
		logger.Info(color.Blue("   RootPass: ") + color.Bold("%s \n", cred.SecretKey))
		if region != "" {

			if cred.IsTemp() && cred.IsExpired() {
				return nil, errInvalidAccessKeyID
			}
			return []byte(cred.SecretKey), nil
		} // this means claims.AccessKey == rootAccessKey
		if !globalAPIConfig.permitRootAccess() {
			// if root access is disabled, fail this request.
			return nil, errAccessKeyDisabled
		}
		return []byte(globalActiveCred.SecretKey), nil
	}); err != nil {
		return claims, nil, false, errAuthentication

	defer t.mu.RUnlock()

	return t.enableODirect
}

func (t *apiConfig) shouldGzipObjects() bool {
	t.mu.RLock()
	defer t.mu.RUnlock()

	return t.gzipObjects
}

func (t *apiConfig) permitRootAccess() bool {
	t.mu.RLock()
	defer t.mu.RUnlock()

	return t.rootAccess
}

func (t *apiConfig) getListQuorum() string {
	t.mu.RLock()
	defer t.mu.RUnlock()

	if t.listQuorum == "" {

// a KMS is configured, no manual credentials have been specified and if root
// access is disabled.
func autoGenerateRootCredentials() {
	if GlobalKMS == nil {
		return
	}
	if globalAPIConfig.permitRootAccess() || !globalActiveCred.Equal(auth.DefaultCredentials) {
		return
	}

	if manager, ok := GlobalKMS.(kms.KeyManager); ok {
		stat, err := GlobalKMS.Stat(GlobalContext)
		if err != nil {