* Add new Prometheus metric that monitors the remaining lifetime of certificates used to authenticate requests to the API server. ([#50387](https://github.com/kubernetes/kubernetes/pull/50387), [@jcbsmpsn](https://github.com/jcbsmpsn))

	public static final field Companion Lokhttp3/Authenticator$Companion;
	public static final field JAVA_NET_AUTHENTICATOR Lokhttp3/Authenticator;
	public static final field NONE Lokhttp3/Authenticator;
	public abstract fun authenticate (Lokhttp3/Route;Lokhttp3/Response;)Lokhttp3/Request;
}

public final class okhttp3/Authenticator$Companion {
}

public final class okhttp3/Cache : java/io/Closeable, java/io/Flushable {

                     * is like changing the rug out from underneath our feet.
                     */
                    /* Technically we should also try to authenticate here but that means doing the session setup and tree connect separately. For now a simple connect will at least tell us if the host is alive. That should be sufficient for 99% of the cases. We can revisit this again for 2.0.

effect. Delete/modify the configs if that's not desirable. ([#58185](https://github.com/kubernetes/kubernetes/pull/58185), [@caesarxuchao](https://github.com/caesarxuchao))

* Using kubectl gcp auth plugin with a Google Service Account to authenticate to a cluster now additionally requests a token with the  "userinfo.email" scope. This way, users can write ClusterRoleBindings/RoleBindings with the email address of the service account directly. (This is a breaking change if the numeric uniqueIDs...

- Fixed an issue where `pull image` fails from a cross-subscription Azure Container Registry when using MSI to authenticate. ([#77245](https://github.com/kubernetes/kubernetes/pull/77245), [@norshtein](https://github.com/norshtein))

    *   Mutation support for admission webhooks. ([#54892](https://github.com/kubernetes/kubernetes/pull/54892),[ @caesarxuchao](https://github.com/caesarxuchao))
    *   Webhook admission now takes a config file that describes how to authenticate to webhook servers ([#54414](https://github.com/kubernetes/kubernetes/pull/54414),[ @deads2k](https://github.com/deads2k))

- Kube-apiserver now reports latency metric for JWT authenticator authenticate token decisions in the `apiserver_authentication_jwt_authenticator_latency_seconds` metric, labeled by jwtIssuer hash and result. ([#123225](https://github.com/kubernetes/kubernetes/pull/123225), [@aramase](https://github.com/aramase))

## Specifying Access Control with IAM Policies

    }

    /**
     * Redirects an authenticated user to the appropriate admin interface based on their roles.
     * Users with admin roles are redirected to the dashboard, while other users are redirected
     * to their designated admin action class or to the root if no specific action is available.
     *
     * @param user the authenticated user bean containing role information

     */
    int NTLMSSP_REQUEST_TARGET = 0x00000004;

    /**
     * Specifies that communication across the authenticated channel
     * should carry a digital signature (message integrity).
     */
    int NTLMSSP_NEGOTIATE_SIGN = 0x00000010;

    /**
     * Specifies that communication across the authenticated channel
     * should be encrypted (message confidentiality).
     */
    int NTLMSSP_NEGOTIATE_SEAL = 0x00000020;