Sebastián Ramírez <******@****.***> 1728247014 +0200

KEY:
policy_plugin  enable Access Management Plugin for policy enforcement

ARGS:
MINIO_POLICY_PLUGIN_URL*          (url)       plugin hook endpoint (HTTP(S)) e.g. "http://localhost:8181/v1/data/httpapi/authz/allow"
MINIO_POLICY_PLUGIN_AUTH_TOKEN    (string)    authorization header for plugin hook endpoint
MINIO_POLICY_PLUGIN_ENABLE_HTTP2  (bool)      Enable experimental HTTP2 support to connect to plugin service (default: 'off')

### API Change

- Add auth API to get self subject attributes (new selfsubjectreviews API is added). 
  The corresponding command for kubctl is provided - `kubectl auth whoami`. ([#111333](https://github.com/kubernetes/kubernetes/pull/111333), [@nabokihms](https://github.com/nabokihms)) [SIG API Machinery, Auth, CLI and Testing]

Requests to a deprecated API are returned with a warning containing a target removal release and any replacement API.
Warnings can also be returned by [admission webhooks](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#admissionreview-response-warning),

The client-go credential plugins can now be passed in the current cluster information via the `KUBERNETES_EXEC_INFO` environment variable. Learn more about this on [client-go credential plugins documentation](https://docs.k8s.io/reference/access-authn-authz/authentication/#client-go-credential-plugins/).

### CronJob controller v2 is available through feature gate

- The `gcp` and `azure` auth plugins have been removed from client-go and kubectl. See https://github.com/Azure/kubelogin and https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke for details about the cloud-specific replacements. ([#110013](https://github.com/kubernetes/kubernetes/pull/110013), [@enj](https://github.com/enj)) [SIG API Machinery and Auth]

        FtpAuthentication auth = new FtpAuthentication();
        auth.setServer("hostname");
        auth.setPort(21);
        auth.setUsername("testuser");
        auth.setPassword("testpass");

        assertTrue(auth.matches("ftp://hostname:21/test/aaa.html"));
        assertTrue(auth.matches("ftp://hostname/test/aaa.html"));
        assertTrue(auth.matches("ftp://hostname:21/test"));

        if (DISABLED || auth.domain == "?")
            return null;

        if (_domains != null && System.currentTimeMillis() > _domains.expiration) {
            _domains = null;
        }
        if (_domains != null)
            return _domains.map;
        try {
            UniAddress addr = UniAddress.getByName(auth.domain, true);

public class NtlmContext {


    NtlmPasswordAuthentication auth;
    int ntlmsspFlags;
    String workstation;
    boolean isEstablished = false;
    byte[] serverChallenge = null;
    byte[] signingKey = null;
    String netbiosName = null;
    int state = 1;
    LogStream log;

    public NtlmContext(NtlmPasswordAuthentication auth, boolean doSigning) {
        this.auth = auth;
        this.ntlmsspFlags = ntlmsspFlags |

            }
        }
        t = new SmbTree( this, share, service );
        trees.addElement( t );
        return t;
    }
    boolean matches( NtlmPasswordAuthentication auth ) {
        return this.auth == auth || this.auth.equals( auth );
    }
    synchronized SmbTransport transport() {
        if( transport == null ) {
            transport = SmbTransport.getSmbTransport( address, port, localAddr, localPort, null );