Add a command to authenticate a service account (access key) #19263

Open
jsabater opened this issue Mar 14, 2024 · 2 comments

@jsabater

Currently, the MinIO client mc allows getting information about a given service account via the mc admin user svcacct info command. By parsing the content one can check whether a service account (a.k.a. access key) is active or does not exist, among other things.

I would like to suggest adding a new option to this command to be able to validate the credentials of a given service account, so that it would fail if the provided password (a.k.a. secret key) has changed. Example:

mc admin user svcacct auth ACCESSKEY SECRETKEY

This could return, for example, 0 if it succeeded, 1 if it failed and 2 if the service account does not exist.

Thanks.

@jsabater
Author

This command would not require any additional permissions for the service account to be run, as it would already be an implicit requirement for it to do whatever it would be already doing, e.g., listing the contents of a private bucket.

@jiuker
Contributor

jiuker commented Mar 19, 2024

I think there is a security vulnerability here. If I find that the account exists, I can keep retrying the password and potentially hack into the account in theory. @harshavardhana
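
An added example, not part of the thread or of MinIO's code: a Go sketch of how a credential check like the one requested could address the concern in the last comment, by returning the same result for an unknown access key and for a wrong secret key and by throttling repeated failures. The `Verifier` type, the exit-code constants and the sample credentials are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"time"
)

// Hypothetical exit codes; unknown key and wrong secret share ExitDenied.
const ExitOK, ExitDenied, ExitThrottled = 0, 1, 3

// Verifier is an illustrative in-memory credential checker (assumed design).
type Verifier struct {
	secrets     map[string]string    // access key -> secret key
	failures    map[string]int       // consecutive failures per access key
	lockedUntil map[string]time.Time // throttle deadline per access key
	maxFails    int
	lockout     time.Duration
}

func NewVerifier(secrets map[string]string, maxFails int, lockout time.Duration) *Verifier {
	return &Verifier{secrets, map[string]int{}, map[string]time.Time{}, maxFails, lockout}
}

// Check treats unknown and known access keys alike, in result and throttling.
func (v *Verifier) Check(accessKey, secretKey string, now time.Time) int {
	if now.Before(v.lockedUntil[accessKey]) {
		return ExitThrottled
	}
	stored, known := v.secrets[accessKey]
	if !known {
		stored = "constructed-dummy-secret" // same comparison work either way
	}
	// Hash both sides so the constant-time compare sees equal-length inputs.
	a, b := sha256.Sum256([]byte(stored)), sha256.Sum256([]byte(secretKey))
	if subtle.ConstantTimeCompare(a[:], b[:]) == 1 && known {
		delete(v.failures, accessKey)
		return ExitOK
	}
	if v.failures[accessKey]++; v.failures[accessKey] >= v.maxFails {
		v.lockedUntil[accessKey] = now.Add(v.lockout)
		delete(v.failures, accessKey)
	}
	return ExitDenied
}

func main() { // constructed sample credentials
	v := NewVerifier(map[string]string{"SAMPLEKEY": "sample-secret"}, 3, time.Minute)
	fmt.Println(v.Check("SAMPLEKEY", "sample-secret", time.Now()))
}
```

Per-key lockout also lets anyone who knows an access key lock its owner out, so it is usually paired with throttling by source.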
