mc ilm add --expiry-days 365 --transition-days 45 --storage-class "AZURETIER" myminio/srcbucket
```

Note: In the case of S3, it is possible to create a tier from MinIO running in EC2 to S3 using AWS role attached to EC2 as credentials instead of accesskey/secretkey:

```
mc admin tier add s3 source S3TIER --bucket s3bucket --prefix testprefix/ --use-aws-role
```

     *
     * @param transport
     *            The SMB transport containing server encryption key
     * @param auth
     *            The NTLM password authenticator containing user credentials
     * @throws SmbException
     *             If there is an error setting up the signing digest
     */

        AUTHENTICATION_FAILED("Authentication failed", ErrorCategory.AUTHENTICATION, false), ACCESS_DENIED("Access denied",
                ErrorCategory.AUTHENTICATION, false), INVALID_CREDENTIALS("Invalid credentials", ErrorCategory.AUTHENTICATION,
                        false), SESSION_EXPIRED("Session expired", ErrorCategory.AUTHENTICATION, true),

        // File system errors

Open the interactive docs: <a href="http://127.0.0.1:8000/docs" class="external-link" target="_blank">http://127.0.0.1:8000/docs</a>.

### Authenticate { #authenticate }

Click the "Authorize" button.

Use the credentials:

User: `johndoe`

Password: `secret`

<img src="/img/tutorial/security/image04.png">

After authenticating in the system, you will see it like:

<img src="/img/tutorial/security/image05.png">

    private static int call_id = 1;

    /**
     * Gets a DCERPC handle for the specified URL and authentication
     * @param url the DCERPC URL to connect to
     * @param auth the NTLM authentication credentials
     * @return a DCERPC handle for the connection
     * @throws UnknownHostException if the host cannot be resolved
     * @throws MalformedURLException if the URL is malformed

            ThreadUtil.sleep(1000L);
        }
    }

    private void setupMinioClient(String bucketName, String endpoint) throws Exception {
        MinioClient minioClient = MinioClient.builder().endpoint(endpoint).credentials(ACCESS_KEY, SECRET_KEY).build();
        minioClient.makeBucket(MakeBucketArgs.builder().bucket(bucketName).build());
        minioClient.putObject(PutObjectArgs.builder()
                .bucket(bucketName)

		return true, nil
	}
	return false, nil
}

func newWarmBackendGCS(conf madmin.TierGCS, tier string) (*warmBackendGCS, error) {
	// Validation code
	if conf.Creds == "" {
		return nil, errors.New("empty credentials unsupported")
	}

	if conf.Bucket == "" {
		return nil, errors.New("no bucket name was provided")
	}

	credsJSON, err := conf.GetCredentialJSON()
	if err != nil {
		return nil, err
	}

        } catch (RuntimeException e) {
            assertEquals("Delete failed", e.getMessage());
        }

        assertEquals(1, chain.deleteCalls.size());
    }

    // Test changePassword with valid credentials
    public void test_changePassword_success() {
        TestAuthenticationChain chain = new TestAuthenticationChain();
        chain.changePasswordResult = true;

    }

    @Test
    @DisplayName("Should handle no retry policy")
    void testNoRetryPolicy() {
        // When
        exception = new SmbOperationException(SmbOperationException.ErrorCode.AUTHENTICATION_FAILED, "Bad credentials", null,
                SmbOperationException.RetryPolicy.NO_RETRY, null);

        // Then
        assertFalse(exception.isRetryable());
        assertFalse(exception.shouldRetry(1));

func enforceRetentionBypassForPut(ctx context.Context, r *http.Request, oi ObjectInfo, objRetention *objectlock.ObjectRetention, cred auth.Credentials, owner bool) error {
	byPassSet := objectlock.IsObjectLockGovernanceBypassSet(r.Header)

	t, err := objectlock.UTCNowNTP()
	if err != nil {
		internalLogIf(ctx, err, logger.WarningKind)