- `inputS3Url` – A presigned URL that the Lambda function can use to download the original object. By using a presigned URL, the Lambda function doesn't need to have MinIO credentials to retrieve the original object. This allows Lambda function to focus on transformation of the object instead of securing the credentials.

function __init__() {
	echo "Initializing environment"
	mkdir -p "$WORK_DIR"
	mkdir -p "$MINIO_CONFIG_DIR"

	## version is purposefully set to '3' for minio to migrate configuration file
	echo '{"version": "3", "credential": {"accessKey": "minio", "secretKey": "minio123"}, "region": "us-east-1"}' >"$MINIO_CONFIG_DIR/config.json"

	if [ ! -f /tmp/mc ]; then
		wget --quiet -O /tmp/mc https://dl.minio.io/client/mc/release/linux-amd64/mc &&

# MinIO Admin Multi-user Quickstart Guide [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)

MinIO supports multiple admin users in addition to default operator credential created during server startup. New admins can be added after server starts up, and server can be configured to deny or allow access to different admin operations for these users. This document explains how to add/remove admin users and modify their access rights.

## Get started

      Request
        .Builder()
        .url(server.url("/"))
        .method("POST", body.toRequestBody(null))
        .build()
    val credential = basic("jesse", "secret")
    client =
      client
        .newBuilder()
        .authenticator(RecordingOkAuthenticator(credential, null))
        .build()
    val response = client.newCall(request).execute()
    assertThat(response.code).isEqualTo(200)

	// Not allowed to add a user with same access key as root credential
	if accessKey == globalActiveCred.AccessKey {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAddUserInvalidArgument), r.URL)
		return
	}

	user, exists := globalIAMSys.GetUser(ctx, accessKey)
	if exists && (user.Credentials.IsTemp() || user.Credentials.IsServiceAccount()) {
		// Updating STS credential is not allowed, and this API does not

	LastHour    ReplicationLastHour `json:"lastHour"`
	SinceUptime RStat               `json:"sinceUptime"`
	LastMinute  ReplicationLastMinute
	// Error counts
	ErrCounts map[string]int `json:"errCounts"` // Count of credential errors
}

func (rt *RTimedMetrics) String() string {
	s := rt.toMetric()
	return fmt.Sprintf("Errors in LastMinute: %v, LastHour: %v, SinceUptime: %v", s.LastMinute.Count, s.LastHour.Count, s.Totals.Count)
}

    server.enqueue(
      MockResponse(code = 401),
    )
    server.enqueue(MockResponse())
    val credential = basic("jesse", "secret")
    client =
      client
        .newBuilder()
        .authenticator(RecordingOkAuthenticator(credential, null))
        .build()
    val response =
      getResponse(
        Request(
          url = server.url("/"),

import javax.security.auth.login.LoginException;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import jcifs.CIFSException;

/**
 * JAAS kerberos authenticator
 *
 * Either configure JAAS for credential caching or reuse a single instance of this authenticator -otherwise you won't
 * get proper ticket caching.
 *
 * Be advised that short/NetBIOS name usage is not supported with this authenticator. Always specify full FQDNs/Realm.

        }

        return new String(out, 0, j);
    }

    /**
     * Check if the given mechanism is preferred for this credential
     *
     * @param mechanism the mechanism to check
     * @return whether the given mechanism is the preferred one for this credential
     */
    public boolean isPreferredMech(ASN1ObjectIdentifier mechanism) {
        return NtlmContext.NTLMSSP_OID.equals(mechanism);
    }

    private String user = null;
    /** The Kerberos realm */
    private String realm = null;
    /** The service principal name */
    private String service = DEFAULT_SERVICE;
    /** The user credential lifetime */
    private int userLifetime = GSSCredential.DEFAULT_LIFETIME;
    /** The security context lifetime */
    private int contextLifetime = GSSContext.DEFAULT_LIFETIME;