net.core.wmem_default=4194304
net.ipv4.tcp_rmem="4096 87380 4194304"
net.ipv4.tcp_wmem="4096 65536 4194304"

# Reduce CPU utilization
net.ipv4.tcp_timestamps=0

# Increase throughput
net.ipv4.tcp_sack=1

# Low latency mode for TCP
net.ipv4.tcp_low_latency=1

# The following variable is used to tell the kernel how 
# much of the socket buffer space should be used for TCP 
# window size, and how much to save for an application buffer.

  # Options for controlling the logger.
  logger:
    level: "debug"
    format: "text" # can also be "json"

# Default values shown below
oauth2:
  # use ["code", "token", "id_token"] to enable implicit flow for web-only clients
  responseTypes: [ "code", "token", "id_token" ] # also allowed are "token" and "id_token"
  # By default, Dex will ask for approval to share data with application

        * `implicit`
        * `clientCredentials`
        * `authorizationCode`
    * Es gibt jedoch einen bestimmten „Flow“, der perfekt für die direkte Abwicklung der Authentifizierung in derselben Anwendung verwendet werden kann:
        * `password`: Einige der nächsten Kapitel werden Beispiele dafür behandeln.

        * `implicit`
        * `clientCredentials`
        * `authorizationCode`
    * But there is one specific "flow" that can be perfectly used for handling authentication in the same application directly:
        * `password`: some next chapters will cover examples of this.

    /**
     * No trust - information was generated with defaults.
     */
    public static final ArtifactStatus GENERATED = new ArtifactStatus("generated", 1);

    /**
     * Low trust - was converted from the Maven 1.x repository.
     */
    public static final ArtifactStatus CONVERTED = new ArtifactStatus("converted", 2);

    /**
     * Moderate trust - it was deployed directly from a partner.

	if err != nil {
		t.Fatalf("mmap failed %s", err)
	}
	err = syscall.Mprotect(b[:pagesize], syscall.PROT_NONE)
	if err != nil {
		t.Fatalf("mprotect low failed %s\n", err)
	}
	err = syscall.Mprotect(b[2*pagesize:], syscall.PROT_NONE)
	if err != nil {
		t.Fatalf("mprotect high failed %s\n", err)
	}
	return b[pagesize : 2*pagesize]
}

      </Credentials>
   </AssumeRoleWithCertificateResult>
   <ResponseMetadata>
      <RequestId>169339CD8B3A6948</RequestId>
   </ResponseMetadata>
</AssumeRoleWithCertificateResponse>
```

## Authentication Flow

A client can request temp. S3 credentials via the STS API. It can authenticate via a client certificate and obtain a access/secret key pair as well as a session token. These credentials are associated to an S3 policy at the MinIO server.

   *
   * @param escaper the non-null escaper to test
   * @param expected the expected output string
   * @param hi the high surrogate pair character
   * @param lo the low surrogate pair character
   */
  public static void assertUnicodeEscaping(
      UnicodeEscaper escaper, String expected, char hi, char lo) {

    int cp = Character.toCodePoint(hi, lo);

   *
   * @param escaper the non-null escaper to test
   * @param expected the expected output string
   * @param hi the high surrogate pair character
   * @param lo the low surrogate pair character
   */
  public static void assertUnicodeEscaping(
      UnicodeEscaper escaper, String expected, char hi, char lo) {

    int cp = Character.toCodePoint(hi, lo);

	if _, maxLimit, err = sys.GetMaxOpenFileLimit(); err != nil {
		return err
	}

	if maxLimit < 4096 && runtime.GOOS != globalWindowsOSName {
		logger.Info("WARNING: maximum file descriptor limit %d is too low for production servers. At least 4096 is recommended. Fix with \"ulimit -n 4096\"",
			maxLimit)
	}

	if err = sys.SetMaxOpenFileLimit(maxLimit, maxLimit); err != nil {
		return err
	}