_, err = sshPasswordAuth(newSSHCon, []byte("dillon"))
		if err != nil {
			c.Fatal("Password authentication failed for user (dillon):", err)
		}

		newSSHCon = newSSHConnMock("dillon")
		_, err = sshPasswordAuth(newSSHCon, []byte("dillon"))
		if err != nil {
			c.Fatal("Password authentication failed for user (dillon):", err)
		}
	}
	{
		userDN := "uid=fahim,ou=people,ou=swengg,dc=min,dc=io"

     * Displays the profile index page.
     *
     * @return the HTML response
     */
    @Execute
    public HtmlResponse index() {
        return asIndexHtml();
    }

    /**
     * Changes the user password.
     *
     * @param form the profile form
     * @return the HTML response
     */
    @Execute
    public HtmlResponse changePassword(final ProfileForm form) {
        final VaErrorHook toIndexPage = () -> {

```
MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN*          (string)    DN for LDAP read-only service account used to perform DN and group lookups
MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD     (string)    Password for LDAP read-only service account used to perform DN and group lookups
```

  var scheme = ""
  var username = ""
  var password: String? = null
  var host = ""
  var port = ""
  var path = ""
  var query = ""
  var fragment = ""

  fun expectParseFailure() = scheme.isEmpty()

  private operator fun set(
    name: String,
    value: String,
  ) {
    when (name) {
      "s" -> scheme = value
      "u" -> username = value
      "pass" -> password = value
      "h" -> host = value

	var user, password string
	var legacyCredentials bool
	//nolint:gocritic
	if env.IsSet(config.EnvRootUser) && env.IsSet(config.EnvRootPassword) {
		user = env.Get(config.EnvRootUser, "")
		password = env.Get(config.EnvRootPassword, "")
	} else if env.IsSet(config.EnvAccessKey) && env.IsSet(config.EnvSecretKey) {
		user = env.Get(config.EnvAccessKey, "")
		password = env.Get(config.EnvSecretKey, "")

Immer wenn jetzt ein Browser einen Benutzer mit Passwort erzeugt, gibt die API dasselbe Passwort in der Response zurück.

Hier ist das möglicherweise kein Problem, da es derselbe Benutzer ist, der das Passwort sendet.

Aber wenn wir dasselbe Modell für eine andere *Pfadoperation* verwenden, könnten wir das Passwort dieses Benutzers zu jedem Client schicken.

/// danger | Gefahr

import java.net.Authenticator
import java.net.PasswordAuthentication

class RecordingAuthenticator(
  private val authentication: PasswordAuthentication? =
    PasswordAuthentication(
      "username",
      "password".toCharArray(),
    ),
) : Authenticator() {
  val calls = mutableListOf<String>()

  override fun getPasswordAuthentication(): PasswordAuthentication? {
    calls.add(

::: fastapi.security.HTTPBasicCredentials

## OAuth2 Authentication

::: fastapi.security.OAuth2

::: fastapi.security.OAuth2AuthorizationCodeBearer

::: fastapi.security.OAuth2PasswordBearer

## OAuth2 Password Form

::: fastapi.security.OAuth2PasswordRequestForm

::: fastapi.security.OAuth2PasswordRequestFormStrict

## OAuth2 Security Scopes in Dependencies

::: fastapi.security.SecurityScopes

                                                key="labels.webauth_password"/></th>
                                        <td><c:if test="${password!=''}">******</c:if> <la:hidden
                                                property="password"/></td>
                                    </tr>
                                    <tr>
                                        <th><la:message

            throws PrompterException;

    /**
     * Prompts the user for a password.
     *
     * @param message the message to display
     * @return the password entered by the user
     * @throws PrompterException if an exception occurs
     */
    @Nonnull
    String promptForPassword(@Nullable String message) throws PrompterException;