return updatedAt, errServerNotInitialized
	}

	if !auth.IsAccessKeyValid(accessKey) {
		return updatedAt, auth.ErrInvalidAccessKeyLength
	}

	if auth.ContainsReservedChars(accessKey) {
		return updatedAt, auth.ErrContainsReservedChars
	}

	if !auth.IsSecretKeyValid(ureq.SecretKey) {
		return updatedAt, auth.ErrInvalidSecretKeyLength
	}

                auth.getUserSessionKey(transport.getContext(), serverEncryptionKey, this.macSigningKey, 0);
                break;
            default:
                this.macSigningKey = new byte[40];
                auth.getUserSessionKey(transport.getContext(), serverEncryptionKey, this.macSigningKey, 0);

                    return;
                }
            } else {
                final String auth = new String(Base64.decode(msg.substring(6)), "US-ASCII");
                int index = auth.indexOf(':');
                String user = index != -1 ? auth.substring(0, index) : auth;
                final String password = index != -1 ? auth.substring(index + 1) : "";
                index = user.indexOf('\\');
                if (index == -1) {

     * @param url the DCERPC URL specifying the endpoint
     * @param auth the NTLM authentication credentials
     * @throws UnknownHostException if the host cannot be resolved
     * @throws MalformedURLException if the URL is malformed
     * @throws DcerpcException if DCERPC initialization fails
     */
    public DcerpcPipeHandle(String url, final NtlmPasswordAuthentication auth)

                ssn.removeAttribute("NtlmHttpChal");
            } else {
                final String auth = new String(Base64.decode(msg.substring(6)), "US-ASCII");
                int index = auth.indexOf(':');
                String user = index != -1 ? auth.substring(0, index) : auth;
                final String password = index != -1 ? auth.substring(index + 1) : "";
                index = user.indexOf('\\');
                if (index == -1) {

- DRA: The `DynamicResourceAllocation` feature gate for the core functionality (GA in `v1.34`) has now been locked to enabled-by-default and cannot be disabled anymore. ([#134452](https://github.com/kubernetes/kubernetes/pull/134452), [@pohly](https://github.com/pohly)) [SIG Auth, Node, Scheduling and Testing]

import static org.mockito.Mockito.when;

import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mock;

// Create context with credentials
CIFSContext context = new BaseContext(new jcifs.config.PropertyConfiguration());
NtlmPasswordAuthenticator auth = new NtlmPasswordAuthenticator("domain", "username", "password");
CIFSContext authContext = context.withCredentials(auth);

// Use authenticated context
try (SmbFile file = new SmbFile("smb://server/share/", authContext)) {
    for (SmbFile f : file.listFiles()) {

sasl             (on|off)    set to 'on' to enable SASL authentication
tls              (on|off)    set to 'on' to enable TLS
tls_skip_verify  (on|off)    trust server TLS without verification, defaults to "on" (verify)
client_tls_cert  (path)      path to client certificate for mTLS auth
client_tls_key   (path)      path to client key for mTLS auth

    client_id: optional string. OAuth2 recommends sending the client_id and client_secret (if any)
        using HTTP Basic auth, as: client_id:client_secret
    client_secret: optional string. OAuth2 recommends sending the client_id and client_secret (if any)
        using HTTP Basic auth, as: client_id:client_secret
    """

    def __init__(
        self,
        grant_type: Annotated[
            str,