return objInfo, err
		}
		replcfg, err = getReplicationConfig(ctx, bucket)
		if err != nil {
			return objInfo, err
		}
	}

	// expiration attempted on a bucket with no lifecycle
	// rules shall be rejected.
	if lc == nil && opts.Expiration.Expire {
		if opts.VersionID != "" {
			return objInfo, VersionNotFound{
				Bucket:    bucket,
				Object:    object,
				VersionID: opts.VersionID,

     *
     * @param activeSessionId the session ID to exclude from deletion (can be null)
     * @param name optional name filter for sessions to delete (can be null or blank)
     * @param date the expiration time threshold - sessions expired before this time will be deleted
     */
    public void deleteSessionIdsBefore(final String activeSessionId, final String name, final long date) {

	// dynamic sleeper to avoid thundering herd for trash folder expunge routine
	deleteCleanupSleeper = newDynamicSleeper(5, 25*time.Millisecond, false)

	// dynamic sleeper for multipart expiration routine
	deleteMultipartCleanupSleeper = newDynamicSleeper(5, 25*time.Millisecond, false)

	// Is MINIO_SYNC_BOOT set?
	globalEnableSyncBoot bool

	// Contains NIC interface name used for internode communication

        if (authenticationTTL <= 0) {
            return false; // No expiration
        }
        long age = System.currentTimeMillis() - authenticationTimestamp;
        return age > authenticationTTL;
    }

    /**
     * Set the authentication time-to-live in milliseconds
     *
     * @param ttl time-to-live in milliseconds (0 or negative for no expiration)
     */
    public void setAuthenticationTTL(long ttl) {

	for {
		result, ok := lc.Get("key1")
		if ok && result == "" {
			t.Fatalf("ok should return a result")
		}
		if !ok {
			break
		}
	}

	time.Sleep(time.Millisecond * 100) // wait for expiration reaper
	if lc.Len() != 0 {
		t.Fatalf("length differs from expected")
	}

	v, ok = lc.Peek("key1")
	if v != "" {
		t.Fatalf("should be empty")
	}
	if ok {
		t.Fatalf("should be false")
	}

	cred.Status = string(auth.AccountOn)
	cred.Name = opts.name
	cred.Description = opts.description

	if opts.expiration != nil {
		expirationInUTC := opts.expiration.UTC()
		if err := validateSvcExpirationInUTC(expirationInUTC); err != nil {
			return auth.Credentials{}, time.Time{}, err
		}
		cred.Expiration = expirationInUTC
	}

	updatedAt, err := sys.store.AddServiceAccount(ctx, cred)
	if err != nil {

		cr.Name = opts.name
	}

	if opts.description != "" {
		cr.Description = opts.description
	}

	if opts.expiration != nil {
		expirationInUTC := opts.expiration.UTC()
		if err := validateSvcExpirationInUTC(expirationInUTC); err != nil {
			return updatedAt, err
		}
		cr.Expiration = expirationInUTC
	}

	switch opts.status {
	// The caller did not ask to update status account, do nothing

		TargetUser: accessKey,
		AccessKey:  "svc-accesskey",
		SecretKey:  "svc-secretkey",
		Expiration: &closeExpiration,
	})
	if err == nil {
		c.Fatalf("Creating a svc acc with distant expiration should fail")
	}
}

func (s *TestSuiteIAM) TestServiceAccountOpsByAdmin(c *check) {

			if err := xml.Unmarshal(meta.LifecycleConfigXML, &lcCfg); err != nil {
				return updatedAt, err
			}
			// find a single expiry rule set the flag
			for _, rl := range lcCfg.Rules {
				if !rl.Expiration.IsNull() || !rl.NoncurrentVersionExpiration.IsNull() {
					expiryRuleRemoved = true
					break
				}
			}
		}

		// Form empty ILM details with `ExpiryUpdatedAt` field and save
		var cfgData []byte

		err := iamOS.loadUser(ctx, userName, stsUser, stsAccountsFromStore)
		if err != nil && !errors.Is(err, errNoSuchUser) {
			iamLogIf(ctx, err)
		}
		// No need to return errors for failed expiration of STS users
	}

	// Loading the STS policy mappings from disk ensures that stale entries
	// (removed during loadUser() in the loop above) are removed from memory.