### API Change

- A few log calls which did not properly format their parameters were fixed. ([#137108](https://github.com/kubernetes/kubernetes/pull/137108), [@pohly](https://github.com/pohly)) [SIG API Machinery, Apps, Auth, Cluster Lifecycle, Network, Node, Scheduling and Testing]

- Enabled kube-apiserver support for `PodCertificateRequest` and `PodCertificate` projected volumes (behind the `PodCertificateRequest` feature gate). ([#128010](https://github.com/kubernetes/kubernetes/pull/128010), [@ahmedtd](https://github.com/ahmedtd)) [SIG API Machinery, Apps, Auth, Cloud Provider, Etcd, Node, Storage and Testing]

- DRA: The `DynamicResourceAllocation` feature gate for the core functionality (GA in `v1.34`) has now been locked to enabled-by-default and cannot be disabled anymore. ([#134452](https://github.com/kubernetes/kubernetes/pull/134452), [@pohly](https://github.com/pohly)) [SIG Auth, Node, Scheduling and Testing]

// Create context with credentials
CIFSContext context = new BaseContext(new jcifs.config.PropertyConfiguration());
NtlmPasswordAuthenticator auth = new NtlmPasswordAuthenticator("domain", "username", "password");
CIFSContext authContext = context.withCredentials(auth);

// Use authenticated context
try (SmbFile file = new SmbFile("smb://server/share/", authContext)) {
    for (SmbFile f : file.listFiles()) {

        buf.enc_ndr_small(2); // ptype = 2 (Response)
        buf.enc_ndr_small(0); // flags
        buf.enc_ndr_long(0x00000010); // data representation
        buf.enc_ndr_short(20); // length
        buf.enc_ndr_short(0); // auth length
        buf.enc_ndr_long(0); // call_id

        // Response body
        buf.enc_ndr_long(4); // alloc_hint
        buf.enc_ndr_short(0); // context_id
        buf.enc_ndr_short(0); // cancel_count

     *
     * @param   url The URL of the target resource
     * @param   auth The credentials the client should use for authentication
     */
    public SmbFile(final URL url, final NtlmPasswordAuthentication auth) {
        super(url);
        this.auth = auth == null ? new NtlmPasswordAuthentication(url.getUserInfo()) : auth;

        getUncPath0();
    }

		},
		config.HelpKV{
			Key:         target.WebhookClientCert,
			Description: "client cert for Webhook mTLS auth",
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
		},
		config.HelpKV{
			Key:         target.WebhookClientKey,
			Description: "client cert key for Webhook mTLS auth",
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
		},
	}

		},
		config.HelpKV{
			Key:         KafkaClientTLSCert,
			Description: "path to client certificate for mTLS auth",
			Optional:    true,
			Type:        "path",
			Sensitive:   true,
		},
		config.HelpKV{
			Key:         KafkaClientTLSKey,
			Description: "path to client key for mTLS auth",
			Optional:    true,
			Type:        "path",
			Sensitive:   true,
		},
		config.HelpKV{

    listener.assertFailure("canceled")
  }

  @Test
  fun failureWith401IsReadable() {
    server.enqueue(
      MockResponse(
        code = 401,
        body = "{\"error\":{\"message\":\"No auth credentials found\",\"code\":401}}",
        headers = Headers.headersOf("content-type", "application/json"),
      ),
    )
    server.enqueue(
      MockResponse(
        body =
          """

    client_id: optional string. OAuth2 recommends sending the client_id and client_secret (if any)
        using HTTP Basic auth, as: client_id:client_secret
    client_secret: optional string. OAuth2 recommends sending the client_id and client_secret (if any)
        using HTTP Basic auth, as: client_id:client_secret
    """

    def __init__(
        self,
        grant_type: Annotated[
            str,