use PVE::SafeSyslog;
use PVE::RPCEnvironment;
-use PVE::Cluster;
+use PVE::Cluster qw(cfs_read_file);
use PVE::RESTHandler;
use PVE::AccessControl;
use PVE::JSONSchema qw(get_standard_option);
($tmp eq 'root@pam' || $tmp eq $username)) {
# got valid ticket
# Note: root@pam can create tickets for other users
+
+ # test if user exists and is enabled
+ my $usercfg = cfs_read_file('user.cfg');
+ die "no such user ('$username')\n" if !user_enabled($usercfg, $username);
} else {
$username = PVE::AccessControl::authenticate_user($username, $param->{password});
}
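Review bot: The new check calls `user_enabled` unqualified, but the only import this commit adds is `cfs_read_file` from PVE::Cluster, and the `else` branch reaches the same module through the fully qualified `PVE::AccessControl::authenticate_user`. Unless `user_enabled` is exported or defined elsewhere in this file (not visible here), the call resolves only at run time, so every valid-ticket request would die with an undefined-subroutine error. I would write `die "no such user ('$username')\n" if !PVE::AccessControl::user_enabled($usercfg, $username);`. The message also reports a disabled account as "no such user"; if that is deliberate, a short comment saying so would help. The enclosing `if` and its sub begin outside the hunk.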