mc ilm add --expiry-days 365 --transition-days 45 --storage-class "AZURETIER" myminio/srcbucket
```

Note: In the case of S3, it is possible to create a tier from MinIO running in EC2 to S3 using AWS role attached to EC2 as credentials instead of accesskey/secretkey:

```
mc admin tier add s3 source S3TIER --bucket s3bucket --prefix testprefix/ --use-aws-role
```

        AUTHENTICATION_FAILED("Authentication failed", ErrorCategory.AUTHENTICATION, false), ACCESS_DENIED("Access denied",
                ErrorCategory.AUTHENTICATION, false), INVALID_CREDENTIALS("Invalid credentials", ErrorCategory.AUTHENTICATION,
                        false), SESSION_EXPIRED("Session expired", ErrorCategory.AUTHENTICATION, true),

        // File system errors

Open the interactive docs: <a href="http://127.0.0.1:8000/docs" class="external-link" target="_blank">http://127.0.0.1:8000/docs</a>.

### Authenticate { #authenticate }

Click the "Authorize" button.

Use the credentials:

User: `johndoe`

Password: `secret`

<img src="/img/tutorial/security/image04.png">

After authenticating in the system, you will see it like:

<img src="/img/tutorial/security/image05.png">

		return true, nil
	}
	return false, nil
}

func newWarmBackendGCS(conf madmin.TierGCS, tier string) (*warmBackendGCS, error) {
	// Validation code
	if conf.Creds == "" {
		return nil, errors.New("empty credentials unsupported")
	}

	if conf.Bucket == "" {
		return nil, errors.New("no bucket name was provided")
	}

	credsJSON, err := conf.GetCredentialJSON()
	if err != nil {
		return nil, err
	}

func enforceRetentionBypassForPut(ctx context.Context, r *http.Request, oi ObjectInfo, objRetention *objectlock.ObjectRetention, cred auth.Credentials, owner bool) error {
	byPassSet := objectlock.IsObjectLockGovernanceBypassSet(r.Header)

	t, err := objectlock.UTCNowNTP()
	if err != nil {
		internalLogIf(ctx, err, logger.WarningKind)

     *
     * @param transport
     *            The SMB transport containing server encryption key
     * @param auth
     *            The NTLM password authenticator containing user credentials
     * @throws SmbException
     *             If there is an error setting up the signing digest
     */

    private static int call_id = 1;

    /**
     * Gets a DCERPC handle for the specified URL and authentication
     * @param url the DCERPC URL to connect to
     * @param auth the NTLM authentication credentials
     * @return a DCERPC handle for the connection
     * @throws UnknownHostException if the host cannot be resolved
     * @throws MalformedURLException if the URL is malformed

import jcifs.smb1.util.MimeMap;

/**
 * This servlet may be used to "browse" the entire hierarchy of resources
 * on an SMB network like one might with Network Neighborhood or Windows
 * Explorer. The users credentials with be negotiated using NTLM SSP if
 * the client is Microsoft Internet Explorer.
 */

/**
 * A servlet that provides network browsing capabilities for SMB shares using SMB1 protocol.

/**
 * API action for admin file authentication management.
 * Provides RESTful API endpoints for managing file authentication settings in the Fess search engine.
 * File authentication settings define access credentials and permissions for file-based crawling.
 *
 */
public class ApiAdminFileauthAction extends FessApiAdminAction {

    private static final Logger logger = LogManager.getLogger(ApiAdminFileauthAction.class);

    val nextTunnelRequest =
      createTunnel()
        ?: return ConnectResult(plan = this) // Success.

    // The proxy decided to close the connection after an auth challenge. Retry with different
    // auth credentials.
    rawSocket?.closeQuietly()

    val nextAttempt = attempt + 1
    return when {
      nextAttempt < MAX_TUNNEL_ATTEMPTS -> {
        user.callConnectEnd(route, null)
        ConnectResult(