$MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1) return $? } # createUser ($policy) createUser() { POLICY=$1 #check accessKey_and_secretKey_tmp file if [[ ! -f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then echo "credentials file does not exist" return 1 fi if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then echo "credentials file is invalid" rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP return 1 fi # Create the user if it does not exist if ! checkUserExists ; then echo "Creating user '$USER'" cat $MINIO_ACCESSKEY_SECRETKEY_TMP...

/dev/null 2>&1) return $? } # createSvcacct ($user) createSvcacct () { USER=$1 FILENAME=$2 #check accessKey_and_secretKey_tmp file if [[ ! -f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then echo "credentials file does not exist" return 1 fi if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then echo "credentials file is invalid" rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP return 1 fi SVCACCT=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) # Create the svcacct if it does not exist if ! checkSvcacctExists ; then...

		return
	}
	writeSuccessResponseJSON(w, resp)
}

// checkKMSActionAllowed checks for authorization for a specific action on a resource.
func checkKMSActionAllowed(r *http.Request, owner bool, cred auth.Credentials, action policy.KMSAction, resource string) bool {
	return globalIAMSys.IsAllowed(policy.Args{
		AccountName:     cred.AccessKey,
		Groups:          cred.Groups,
		Action:          policy.Action(action),

    )

    powershell -Command "&{"^
		"$webclient = new-object System.Net.WebClient;"^
		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
		"}"^

    )

    powershell -Command "&{"^
		"$webclient = new-object System.Net.WebClient;"^
		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
		"}"^
		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%WRAPPER_URL%', '%WRAPPER_JAR%')"^

The user setting up replication needs *s3:GetReplicationConfiguration* and *s3:GetBucketVersioning* permission on the source cluster. We do not recommend running root credentials/super admin with replication, instead create a dedicated user. The access credentials used at the destination requires *s3:ReplicateObject* permission.

The following minimal permission policy is needed by admin user setting up replication on the `source`:

```
{

 * MSIE clients using NTLM SSP. This is similar to <tt>Authentication:
 * BASIC</tt> but weakly encrypted and without requiring the user to re-supply
 * authentication credentials.
 * <p>
 * Read <a href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and the Network Explorer Servlet</a> for complete details.
 */

public class NtlmHttpFilter implements Filter {

$MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1) return $? } # createUser ($policy) createUser() { POLICY=$1 #check accessKey_and_secretKey_tmp file if [[ ! -f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then echo "credentials file does not exist" return 1 fi if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then echo "credentials file is invalid" rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP return 1 fi USER=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) # Create the user if it does not exist if ! checkUserExists ; then echo "Creating...

    }

    protected boolean validate() {
        if (!isBind) {
            if (fessConfig.getLdapAdminSecurityPrincipal() == null || fessConfig.getLdapAdminSecurityCredentials() == null) {
                // no credentials
                return !fessConfig.isLdapAuthValidation();
            }
            final Hashtable<String, String> env = createAdminEnv();
            try (DirContextHolder holder = getDirContext(() -> env)) {

    private Cipher sealClientHandle;
    private Cipher sealServerHandle;


    /**
     * @param tc
     *            context to use
     * @param auth
     *            credentials
     * @param doSigning
     *            whether signing is requested
     */
    public NtlmContext ( CIFSContext tc, NtlmPasswordAuthenticator auth, boolean doSigning ) {
        this.transportContext = tc;