if (e instanceof SmbException) {
            SmbException se = (SmbException) e;
            int status = se.getNtStatus();
            // Retry on network-related errors but not on authentication or access errors
            return status == NtStatus.NT_STATUS_CONNECTION_REFUSED || status == NtStatus.NT_STATUS_NETWORK_NAME_DELETED
                    || status == NtStatus.NT_STATUS_BAD_NETWORK_NAME;
        }

import jcifs.CIFSContext;
import jcifs.Configuration;
import jcifs.NameServiceClient;
import jcifs.NetbiosAddress;
import jcifs.util.Hexdump;

/**
 * Comprehensive test suite for Type2Message NTLM authentication message.
 * Tests all constructors, parsing, and serialization functionality.
 */
@DisplayName("Type2Message Comprehensive Tests")
class Type2MessageTest {

        for (WitnessNotification notification : notifications) {
            // Handle notification
        }
    }
}
```

## 10. Security Considerations

### 10.1 Witness Authentication
```java
public class WitnessSecurityManager {
    public void authenticateWitnessService(InetAddress witnessServer) throws SecurityException {
        // Verify witness service is authorized

- `system:kube-controller-manager` and `system:kube-scheduler` users are now permitted to perform delegated authentication/authorization checks by default RBAC policy ([#72491](https://github.com/kubernetes/kubernetes/pull/72491), [@liggitt](https://github.com/liggitt))

* A very powerful and easy to use **<abbr title="also known as components, resources, providers, services, injectables">Dependency Injection</abbr>** system.
* Security and authentication, including support for **OAuth2** with **JWT tokens** and **HTTP Basic** auth.
* More advanced (but equally easy) techniques for declaring **deeply nested JSON models** (thanks to Pydantic).

* A very powerful and easy to use **<abbr title="also known as components, resources, providers, services, injectables">Dependency Injection</abbr>** system.
* Security and authentication, including support for **OAuth2** with **JWT tokens** and **HTTP Basic** auth.
* More advanced (but equally easy) techniques for declaring **deeply nested JSON models** (thanks to Pydantic).

		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrMissingDateHeader: {
		Code:           "AccessDenied",
		Description:    "AWS authentication requires a valid Date or x-amz-date header",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrInvalidQuerySignatureAlgo: {
		Code:           "AuthorizationQueryParametersError",

  - `--address`
  The insecure port flags `--port` may only be set to 0 now.
  
  In addtion, please be careful that:
  - controller-manager MUST start with `--authorization-kubeconfig` and `--authentication-kubeconfig` correctly set to get authentication/authorization working.
  - liveness/readiness probes to controller-manager MUST use HTTPS now, and the default port has been changed to 10257.

* client-go: alpha support for out-of-tree exec-based credential providers. For example, a cloud provider could create their own authentication system rather than using the standard authentication provided with Kubernetes. ([#59495](https://github.com/kubernetes/kubernetes/pull/59495), [@ericchiang](https://github.com/ericchiang))

    - [kubeadm](#kubeadm-1)
    - [Other Deprecations](#other-deprecations)
  - [Changes to API Resources](#changes-to-api-resources)
    - [ABAC](#abac)
    - [Admission Control](#admission-control)
    - [Authentication](#authentication)
    - [Authorization](#authorization)
    - [Autoscaling](#autoscaling-1)
    - [Certificates](#certificates)
    - [ConfigMap](#configmap)
    - [CronJob](#cronjob)
    - [DaemonSet](#daemonset-1)