assertFalse(cifsContextWrapper.hasDefaultCredentials());
        verify(mockDelegate).hasDefaultCredentials();
    }

    @Test
    void testWithCredentials() {
        // Test withCredentials(Credentials creds) method
        Credentials mockCredentials = mock(Credentials.class);
        CIFSContext mockNewContext = mock(CIFSContext.class);
        when(mockDelegate.withCredentials(mockCredentials)).thenReturn(mockNewContext);

        when(tc.getConfig()).thenReturn(config);
        when(config.isAllowNTLMFallback()).thenReturn(true);
        when(config.isUseRawNTLM()).thenReturn(false);

        // Enable NTLM fallback by providing NTLM creds in constructor
        Kerb5Authenticator auth = new Kerb5Authenticator(new Subject(), "DOM", "user", "pass");
        auth.setForceFallback(true);

	if err != nil {
		return nil, err
	}
	if insecure {
		// skip TLS verification
		transport.TLSClientConfig.InsecureSkipVerify = true
	}

	clnt, err := minio.New(u.Host, &minio.Options{
		Creds:     credentials.NewStaticV4(accessKey, secretKey, ""),
		Secure:    secure,
		Transport: transport,
	})
	if err != nil {
		return nil, err
	}

	return clnt, nil
}

func main() {

	"net/url"
	"time"
	"fmt"

	"github.com/minio/minio-go/v7"
	"github.com/minio/minio-go/v7/pkg/credentials"
)

func main() {
	s3Client, err := minio.New("localhost:9000", &minio.Options{
		Creds:  credentials.NewStaticV4("minioadmin", "minioadmin", ""),
		Secure: false,
	})
	if err != nil {
		log.Fatalln(err)
	}

	// Set lambda function target via `lambdaArn`
	reqParams := make(url.Values)

						Parent:        creds.ParentUser,
						AccessKey:     creds.AccessKey,
						SecretKey:     creds.SecretKey,
						Groups:        creds.Groups,
						Claims:        claims,
						SessionPolicy: policyJSON,
						Status:        creds.Status,
						Name:          creds.Name,
						Description:   creds.Description,
						Expiration:    &creds.Expiration,
					},
				},

	tr := http.RoundTripper(globalRemoteFTPClientTransport)
	if f.remoteIP != "" {
		tr = forwardForTransport{tr: tr, fwd: f.remoteIP}
	}
	return minio.New(f.endpoint, &minio.Options{
		TrailingHeaders: true,
		Creds:           mcreds,
		Secure:          globalIsTLS,
		Transport:       tr,
	})
}

func (f *sftpDriver) AccessKey() string {
	return f.permissions.CriticalOptions["AccessKey"]
}

func (sys *IAMSys) updateGroupMembershipsForLDAP(ctx context.Context) {
	// 1. Collect all LDAP users with active creds.
	allCreds := sys.store.GetSTSAndServiceAccounts()
	// List of unique LDAP (parent) user DNs that have active creds
	var parentUserActualDNList []string
	// Map of LDAP user (internal representation) to list of active credential objects

	ctx, cancel := context.WithCancel(r.Context())
	defer cancel()

	objectAPI, creds := validateAdminReq(ctx, w, r, policy.HealthInfoAdminAction)
	if objectAPI == nil {
		return
	}

	if !globalAPIConfig.permitRootAccess() {
		rd, wr := isAllowedRWAccess(r, creds, globalObjectPerfBucket)
		if !rd || !wr {
			writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, AdminError{

	region := globalSite.Region()
	if region == "" {
		region = "us-east-1"
	}
	bootstrapTrace("globalMinioClient", func() {
		globalMinioClient, err = minio.New(globalLocalNodeName, &minio.Options{
			Creds:     credentials.NewStaticV4(globalActiveCred.AccessKey, globalActiveCred.SecretKey, ""),
			Secure:    globalIsTLS,
			Transport: globalRemoteTargetTransport,
			Region:    region,
		})

					z.Creds.AccessKey, err = dc.ReadString()
					if err != nil {
						err = msgp.WrapError(err, "Creds", "AccessKey")
						return
					}
				case "SecretKey":
					z.Creds.SecretKey, err = dc.ReadString()
					if err != nil {
						err = msgp.WrapError(err, "Creds", "SecretKey")
						return
					}
				case "SessionToken":
					z.Creds.SessionToken, err = dc.ReadString()
					if err != nil {