*
     * @param transport
     *            The SMB transport containing server encryption key
     * @param auth
     *            The NTLM password authenticator containing user credentials
     * @throws SmbException
     *             If there is an error setting up the signing digest
     */

      }
    }
    ```

 *  New: `MediaType.parameter()` gets a parameter like `boundary` from a media type like
    `multipart/mixed; boundary="abc"`.

 *  New: `Authenticator.JAVA_NET_AUTHENTICATOR` forwards authentication requests to
    `java.net.Authenticator`. This obsoletes `JavaNetAuthenticator` in the `okhttp-urlconnection`
    module.

 *  New: `CertificatePinner` now offers an API for inspecting the configured pins.

HSPLokhttp3/Address;->equalsNonHost$okhttp(Lokhttp3/Address;)Z
HSPLokhttp3/Address;->hashCode()I
HSPLokhttp3/Authenticator$Companion$AuthenticatorNone;-><init>()V
HSPLokhttp3/Authenticator;-><clinit>()V
HSPLokhttp3/Cache;-><init>(Ljava/io/File;J)V

- The API server now detects and fails on startup if there are conflicting issuers between JWT authenticators and service account configurations. Previously, such configurations would run but could be inconsistently effective depending on the credential. ([#123561](https://github.com/kubernetes/kubernetes/pull/123561), [@enj](https://github.com/enj))

                proxy = new Proxy(Type.HTTP, addr);
                if (StringUtil.isNotBlank(getHttpProxyUsername())) {
                    Authenticator.setDefault(new Authenticator() {
                        @Override
                        protected PasswordAuthentication getPasswordAuthentication() {

		return
	}

	// It is required that parent user be set.
	if res.Success.User == "" {
		writeSTSErrorResponse(ctx, w, ErrSTSUpstreamError, errors.New("A valid user was not returned by the authenticator."))
		return
	}

	// Expiry is set as minimum of requested value and value allowed by auth
	// plugin.
	expiry := res.Success.MaxValiditySeconds
	if durationParam != "" && requestedDuration < expiry {

* Security/Auth
  * L7 LB controller and disk attach controllers run on master, so nodes do not need those privileges.
  * Setting TLS1.2 minimum
  * `kubectl create secret tls` command
  * Webhook Token Authenticator
  * **beta** PodSecurityPolicy objects limits use of security-sensitive features by pods.
* Kubectl
  * Display line number on JSON errors
  * Add flag -t as shorthand for --tty
* Resources

 */

package jcifs.smb1.http;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.PasswordAuthentication;
import java.net.ProtocolException;
import java.net.URL;
import java.net.URLDecoder;
import java.security.Permission;

package org.apache.maven.wrapper; synchronized class DefaultDownloader$1 extends java.net.Authenticator { void DefaultDownloader$1(DefaultDownloader); protected java.net.PasswordAuthenticati getPasswordAuthentic(); } org/apache/maven/wrapper/DefaultDownloader$SystemPropertiesProx.class package org.apache.maven.wrapper; synchronized class DefaultDownloader$SystemPropertiesProx extends java.net.Authenticator { private void DefaultDownloader$SystemPropertiesProx(); protected java.net.PasswordAuthenticati...

* kube-apiserver: the OpenID Connect authenticator can now verify ID Tokens signed with JOSE algorithms other than RS256 through the --oidc-signing-algs flag. ([#58544](https://github.com/kubernetes/kubernetes/pull/58544), [@ericchiang](https://github.com/ericchiang))