# MinIO Admin Multi-user Quickstart Guide [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)

MinIO supports multiple admin users in addition to default operator credential created during server startup. New admins can be added after server starts up, and server can be configured to deny or allow access to different admin operations for these users. This document explains how to add/remove admin users and modify their access rights.

## Get started

    server.enqueue(
      MockResponse(code = 401),
    )
    server.enqueue(MockResponse())
    val credential = basic("jesse", "secret")
    client =
      client
        .newBuilder()
        .authenticator(RecordingOkAuthenticator(credential, null))
        .build()
    val response =
      getResponse(
        Request(
          url = server.url("/"),

    private String user = null;
    /** The Kerberos realm */
    private String realm = null;
    /** The service principal name */
    private String service = DEFAULT_SERVICE;
    /** The user credential lifetime */
    private int userLifetime = GSSCredential.DEFAULT_LIFETIME;
    /** The security context lifetime */
    private int contextLifetime = GSSContext.DEFAULT_LIFETIME;

	"$expires":                 true,
	"$key":                     true,
	"$success_action_redirect": true,
	"$redirect":                true,
	"$success_action_status":   true,
	"$x-amz-algorithm":         false,
	"$x-amz-credential":        false,
	"$x-amz-date":              false,
}

// Add policy conditionals.
const (
	policyCondEqual         = "eq"
	policyCondStartsWith    = "starts-with"

}

func validateAdminSignature(ctx context.Context, r *http.Request, region string) (auth.Credentials, bool, APIErrorCode) {
	var cred auth.Credentials
	var owner bool
	s3Err := ErrAccessDenied
	if _, ok := r.Header[xhttp.AmzContentSha256]; ok &&
		getRequestAuthType(r) == authTypeSigned {
		// Get credential information from the request.
		cred, owner, s3Err = getReqAccessKeyV4(r, region, serviceS3)

        }

        return new String(out, 0, j);
    }

    /**
     * Check if the given mechanism is preferred for this credential
     *
     * @param mechanism the mechanism to check
     * @return whether the given mechanism is the preferred one for this credential
     */
    public boolean isPreferredMech(ASN1ObjectIdentifier mechanism) {
        return NtlmContext.NTLMSSP_OID.equals(mechanism);
    }

   */
  @Test
  fun duplexWithAuthChallenge() {
    enableProtocol(Protocol.HTTP_2)
    val credential = basic("jesse", "secret")
    client =
      client
        .newBuilder()
        .authenticator(RecordingOkAuthenticator(credential, null))
        .build()
    val body1 =
      MockSocketHandler()
        .sendResponse("please authenticate!\n")

		isDerived := false
		if v.Credentials.IsServiceAccount() || v.Credentials.IsTemp() {
			isDerived = true
		}

		if !isDerived && v.Credentials.AccessKey == accessKey {
			userExists = true
		} else if isDerived && v.Credentials.ParentUser == accessKey {
			userExists = true
			if v.Credentials.IsTemp() {
				// Hide secret key & session key here
				v.Credentials.SecretKey = ""

              .endpoint("https://play.min.io")
              .credentials("Q3AM3UQ867SPQQA43P2F", "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG")
              .build();

      /* Amazon S3: */
      // MinioClient minioClient =
      //     MinioClient.builder()
      //         .endpoint("https://s3.amazonaws.com")
      //         .credentials("YOUR-ACCESSKEY", "YOUR-SECRETACCESSKEY")
      //         .build();

pkg syscall (freebsd-386-cgo), type Cmsghdr struct, Type int32
pkg syscall (freebsd-386-cgo), type Credential struct
pkg syscall (freebsd-386-cgo), type Credential struct, Gid uint32
pkg syscall (freebsd-386-cgo), type Credential struct, Groups []uint32
pkg syscall (freebsd-386-cgo), type Credential struct, Uid uint32
pkg syscall (freebsd-386-cgo), type Dirent struct