exit_1
fi

STS_ACCESS_KEY=$(echo ${STS_CRED} | cut -d ':' -f 1)

# Create service account for STS user
./mc admin user svcacct add minio2 $STS_ACCESS_KEY --access-key testsvc --secret-key testsvc123
if [ $? -ne 0 ]; then
	echo "adding svc account failed, exiting.."
	exit_1
fi

sleep 10

./mc admin user svcacct info minio1 testsvc
if [ $? -ne 0 ]; then
	echo "svc account not mirrored, exiting.."
	exit_1

                String user = index != -1 ? auth.substring(0, index) : auth;
                final String password = index != -1 ? auth.substring(index + 1) : "";
                index = user.indexOf('\\');
                if (index == -1) {
                    index = user.indexOf('/');
                }
                final String domain = index != -1 ? user.substring(0, index) : this.defaultDomain;

    /**
     * Returns the list of user addresses.
     *
     * @return list of user InetAddress objects
     */
    public ArrayList<InetAddress> getUserAddresses() {
        return this.userAddresses;
    }

    /**
     * Returns the list of user authorization data.
     *
     * @return list of KerberosAuthData objects
     */
    public List<KerberosAuthData> getUserAuthorizations() {

     */
    public final SID getOwnerGroupSid() {
        return this.ownerGroupSid;
    }

    /**
     * Gets the owner user SID of this security descriptor.
     *
     * @return the security identifier of the owner user
     */
    public final SID getOwnerUserSid() {
        return this.ownerUserSid;
    }

    /**
     * Decodes a security descriptor from a byte buffer.

     */
    public static byte[] getLMv2Response(final String domain, final String user, final String password, final byte[] challenge,
            final byte[] clientChallenge) throws GeneralSecurityException {
        return getLMv2Response(domain, user, getNTHash(password), challenge, clientChallenge);
    }

    /**
     * Creates the LMv2 response for the supplied information.

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import jcifs.util.Hexdump;

/**
 * Privilege Attribute Certificate (PAC) decoder for Kerberos tickets.
 * Parses and validates PAC data structures containing user authorization information
 * from Active Directory Kerberos tickets.
 */
public class Pac {

    private static final Logger log = LoggerFactory.getLogger(Pac.class);

    private PacLogonInfo logonInfo;

     * Returns the username for the authenticating user.
     *
     * @return A <code>String</code> containing the user for this message.
     */
    public String getUser() {
        return this.user;
    }

    /**
     * Sets the user for this message.
     *
     * @param user
     *            The user.
     */
    public void setUser(final String user) {
        this.user = user;
    }

 * we recommend reading the section on Access Control in Keith Brown's
 * "The .NET Developer's Guide to Windows Security" (which is also
 * available online).
 * <p>
 * Direct ACEs are evaluated first in order. The SID of the user performing
 * the operation and the desired access bits are compared to the SID
 * and access mask of each ACE. If the SID matches, the allow/deny flags
 * and access mask are considered. If the ACE is a "deny"

                    pass = userInfo.substring(i + 1);
                    break;
                }
            }
            user = userInfo.substring(u, i);
        }

        this.domain = dom != null ? dom : defDomain != null ? defDomain : "";
        this.username = user != null ? user : defUser != null ? defUser : "";

                    }
                    index = user.indexOf('\\');
                    if (index == -1) {
                        index = user.indexOf('/');
                    }
                    domain = index != -1 ? user.substring(0, index) : domain;
                    user = index != -1 ? user.substring(index + 1) : user;
                }
                if (user == null) {