mc ilm add --expiry-days 365 --transition-days 45 --storage-class "AZURETIER" myminio/srcbucket
```

Note: In the case of S3, it is possible to create a tier from MinIO running in EC2 to S3 using AWS role attached to EC2 as credentials instead of accesskey/secretkey:

```
mc admin tier add s3 source S3TIER --bucket s3bucket --prefix testprefix/ --use-aws-role
```

Write-Verbose "Downloading from: $distributionUrl"
Write-Verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName"

$webclient = New-Object System.Net.WebClient
if ($env:MVNW_USERNAME -and $env:MVNW_PASSWORD) {
  $webclient.Credentials = New-Object System.Net.NetworkCredential($env:MVNW_USERNAME, $env:MVNW_PASSWORD)
}
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

        AUTHENTICATION_FAILED("Authentication failed", ErrorCategory.AUTHENTICATION, false), ACCESS_DENIED("Access denied",
                ErrorCategory.AUTHENTICATION, false), INVALID_CREDENTIALS("Invalid credentials", ErrorCategory.AUTHENTICATION,
                        false), SESSION_EXPIRED("Session expired", ErrorCategory.AUTHENTICATION, true),

        // File system errors

Open the interactive docs: <a href="http://127.0.0.1:8000/docs" class="external-link" target="_blank">http://127.0.0.1:8000/docs</a>.

### Authenticate { #authenticate }

Click the "Authorize" button.

Use the credentials:

User: `johndoe`

Password: `secret`

<img src="/img/tutorial/security/image04.png">

After authenticating in the system, you will see it like:

<img src="/img/tutorial/security/image05.png">

     *
     * @param transport
     *            The SMB transport containing server encryption key
     * @param auth
     *            The NTLM password authenticator containing user credentials
     * @throws SmbException
     *             If there is an error setting up the signing digest
     */

func enforceRetentionBypassForPut(ctx context.Context, r *http.Request, oi ObjectInfo, objRetention *objectlock.ObjectRetention, cred auth.Credentials, owner bool) error {
	byPassSet := objectlock.IsObjectLockGovernanceBypassSet(r.Header)

	t, err := objectlock.UTCNowNTP()
	if err != nil {
		internalLogIf(ctx, err, logger.WarningKind)

    private static int call_id = 1;

    /**
     * Gets a DCERPC handle for the specified URL and authentication
     * @param url the DCERPC URL to connect to
     * @param auth the NTLM authentication credentials
     * @return a DCERPC handle for the connection
     * @throws UnknownHostException if the host cannot be resolved
     * @throws MalformedURLException if the URL is malformed

            ThreadUtil.sleep(1000L);
        }
    }

    private void setupMinioClient(String bucketName, String endpoint) throws Exception {
        MinioClient minioClient = MinioClient.builder().endpoint(endpoint).credentials(ACCESS_KEY, SECRET_KEY).build();
        minioClient.makeBucket(MakeBucketArgs.builder().bucket(bucketName).build());
        minioClient.putObject(PutObjectArgs.builder()
                .bucket(bucketName)

		return true, nil
	}
	return false, nil
}

func newWarmBackendGCS(conf madmin.TierGCS, tier string) (*warmBackendGCS, error) {
	// Validation code
	if conf.Creds == "" {
		return nil, errors.New("empty credentials unsupported")
	}

	if conf.Bucket == "" {
		return nil, errors.New("no bucket name was provided")
	}

	credsJSON, err := conf.GetCredentialJSON()
	if err != nil {
		return nil, err
	}

    val nextTunnelRequest =
      createTunnel()
        ?: return ConnectResult(plan = this) // Success.

    // The proxy decided to close the connection after an auth challenge. Retry with different
    // auth credentials.
    rawSocket?.closeQuietly()

    val nextAttempt = attempt + 1
    return when {
      nextAttempt < MAX_TUNNEL_ATTEMPTS -> {
        user.callConnectEnd(route, null)
        ConnectResult(