* Make sure you have well defined Pydantic models for your request bodies and responses.
* Configure any required permissions and roles using dependencies.
* Never store plaintext passwords, only password hashes.
* Implement and use well-known cryptographic tools, like Passlib and JWT tokens, etc.
* Add more granular permission controls with OAuth2 scopes where needed.
* ...etc.

    protected static final String SPNEGO_ALLOW_BASIC = "spnego.allow.basic";
    protected static final String SPNEGO_PREAUTH_PASSWORD = "spnego.preauth.password";
    protected static final String SPNEGO_PREAUTH_USERNAME = "spnego.preauth.username";
    protected static final String SPNEGO_LOGIN_SERVER_MODULE = "spnego.login.server.module";

            userService.changePassword(username, form.newPassword);
            saveInfo(messages -> messages.addSuccessChangedPassword(GLOBAL));
        } catch (final Exception e) {
            logger.warn("Failed to change password for {}", username, e);
            throwValidationError(messages -> messages.addErrorsFailedToChangePassword(GLOBAL), toIndexPage);
        }
        return redirect(getClass());
    }

fi

if [ $failed_count_site2 -ne 0 ]; then
	echo "failed with multipart on site2 uploads"
	exit 1
fi

# Add user group test
./mc admin user add site1 site-replication-issue-user site-replication-issue-password
./mc admin group add site1 site-replication-issue-group site-replication-issue-user

max_wait_attempts=30
wait_interval=5

attempt=1
while true; do

					<div class="input-group mb-3">
						<c:set var="ph_new_password">
							<la:message key="labels.login.placeholder_new_password" />
						</c:set>
						<la:password property="password" class="form-control"
							placeholder="${ph_new_password}" />
						<div class="input-group-append">
							<span class="input-group-text">
								<em class="fa fa-lock fa-fw">
							</span>
						</div>

	_, err = sshPasswordAuth(newSSHCon, []byte("dillon"))
	if err != nil {
		c.Fatal("Password authentication failed for user (dillon):", err)
	}

	newSSHCon = newSSHConnMock("dillon")
	_, err = sshPasswordAuth(newSSHCon, []byte("dillon"))
	if err != nil {
		c.Fatal("Password authentication failed for user (dillon):", err)
	}

                int index = auth.indexOf(':');
                String user = ( index != -1 ) ? auth.substring(0, index) : auth;
                String password = ( index != -1 ) ? auth.substring(index + 1) : "";
                index = user.indexOf('\\');
                if ( index == -1 )
                    index = user.indexOf('/');

    @Test
    public void testNFold () {
        // rfc3961 test vectors
        verifyNfold(64, "012345", "be072631276b1955");
        verifyNfold(56, "password", "78a07b6caf85fa");
        verifyNfold(64, "Rough Consensus, and Running Code", "bb6ed30870b7f0e0");
        verifyNfold(168, "password", "59e4a8ca7c0385c3c37b3f6d2000247cb6e6bd5b3e");
        verifyNfold(192, "MASSACHVSETTS INSTITVTE OF TECHNOLOGY", "db3b0d8f0b061e603282b308a50841229ad798fab9540c1b");

## About third party integrations

In this example we are using the OAuth2 "password" flow.

This is appropriate when we are logging in to our own application, probably with our own frontend.

Because we can trust it to receive the `username` and `password`, as we control it.

topic            (string)    Kafka topic used for bucket notifications
sasl_username    (string)    username for SASL/PLAIN or SASL/SCRAM authentication
sasl_password    (string)    password for SASL/PLAIN or SASL/SCRAM authentication
sasl_mechanism   (string)    sasl authentication mechanism, default 'plain'
tls_client_auth  (string)    clientAuth determines the Kafka server's policy for TLS client auth