diff --git a/client/authws.ls b/client/authws.ls index f41a329..d0f2eb7 100644 --- a/client/authws.ls +++ b/client/authws.ls @@ -14,6 +14,7 @@ AuthWS = (socket-url) -> "get-extra": 6 "set-extra": 7 "update-password": 8 + "list-users": 9 } response-types = { @@ -24,6 +25,7 @@ AuthWS = (socket-url) -> "user-edited": 4 "extra": 5 "extra-updated": 6 + "users-list": 7 } # TODO: naming convention @@ -115,6 +117,11 @@ AuthWS = (socket-url) -> new_password: new-password } + self.list-users = (token) -> + self.send request-types[\list-users], JSON.stringify { + token: token + } + # TODO: authd overhaul required #self.add-user = (login, password) -> # self.send request-types[\add-user], JSON.stringify { diff --git a/client/index.ls b/client/index.ls index afeba7a..4b47414 100644 --- a/client/index.ls +++ b/client/index.ls @@ -10,6 +10,7 @@ AuthWS = require "./authws.ls" LoginForm = require "./login-form.ls" UserConfigurationPanel = require "./user-configuration-panel.ls" +UserAdminPanel = require "./user-admin-panel.ls" model = { token: void @@ -19,6 +20,7 @@ authws-url = "ws://localhost:9999/auth.JSON" document.add-event-listener \DOMContentLoaded -> user-config-panel = void + user-admin-panel = void login-form = LoginForm { enable-registration: true 
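Review bot: The ids `"list-users": 9` and, in the second hunk, `"users-list": 7` are written by hand, while the comments in src/authd.cr say the server's Type enums are generated with one entry per request/response class, presumably in declaration order. If the two sides drift, the client would send or decode a different message type without any visible error. Add a comment above both tables, for example `# ids must match the Type enums generated in src/authd.cr; append only, never renumber`.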
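Review bot: `self.list-users` sends the session token in the message body, and the only socket URL visible in this commit is `ws://localhost:9999/auth.JSON` in client/index.ls, which is unencrypted. That is acceptable on loopback, but with this change the token unlocks the whole user list, so any non-local deployment should use `wss://`. A comment next to `authws-url` would record that: `# dev only; use wss:// when authd is not on localhost`.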
@@ -28,17 +30,30 @@ document.add-event-listener \DOMContentLoaded -> model.user := user model.token := token - user-config-panel := UserConfigurationPanel { - authhw-url: authws-url - user: model.user - token: model.token + if user.groups.find (== "authd") + user-admin-panel := UserAdminPanel { + authws-url: authws-url + user: model.user + token: model.token - on-model-update: -> - projector.schedule-render! - on-logout: -> - model.token := void - model.user := void - } + on-model-update: -> + projector.schedule-render! + on-logout: -> + model.token := void + model.user := void + } + else + user-config-panel := UserConfigurationPanel { + authws-url: authws-url + user: model.user + token: model.token + + on-model-update: -> + projector.schedule-render! + on-logout: -> + model.token := void + model.user := void + } projector.schedule-render! on-error: (error) -> @@ -67,6 +82,11 @@ document.add-event-listener \DOMContentLoaded -> user-config-panel.render! ] ] + else if user-admin-panel + h \div.section [ + h \div.container [ + user-admin-panel.render! + ] + ] ] - diff --git a/client/user-admin-panel.ls b/client/user-admin-panel.ls new file mode 100644 index 0000000..69fa625 --- /dev/null +++ b/client/user-admin-panel.ls 
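Review bot: Neither `on-logout` callback in the `@@ -28,17 +30,30 @@` hunk resets `user-admin-panel` or `user-config-panel`, so a panel built for an earlier session stays truthy for the render chain in the next hunk (`else if user-admin-panel`). Since the config panel appears to be tested first, an authd user who logs in after an ordinary user would probably still get the old config panel, and the admin panel object keeps its copy of the token and user list after logout. Setting `user-admin-panel := void` and `user-config-panel := void` in `on-logout`, and again before the `if user.groups.find (== "authd")` branch, would avoid both. The group test here only selects which UI to show; the check in src/main.cr is the one that protects the data, and a one-line comment saying so would help. The enclosing login callback starts outside the hunk.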
@@ -0,0 +1,63 @@ +{h} = require "maquette" + +AuthWS = require "./authws.ls" + +UserAdminPanel = (args) -> + self = { + token: args.token + authws-url: args.authws-url + on-logout: args.on-logout || -> + on-model-update: args.on-model-update || -> + users: [] + } + + authws = AuthWS self.authws-url + + authws.socket.onopen = -> + authws.list-users self.token + + authws.add-event-listener \users-list (message) -> + self.users = message.users + + self.on-model-update! + + self.render = -> + h \div.section [ + h \div.container [ + h \table.table.is-fullwidth [ + h \thead [ + h \tr [ + h \th [ "Login" ] + h \th [ "UID" ] + h \th [ "GID" ] + ] + ] + h \tbody [ + for user in self.users + h \tr {key: user.uid} [ + h \td [ + user.login + ] + h \td [ + user.uid.toString! + ] + h \td [ + user.gid.toString! + ] + ] + ] + ] + ] + h \div.button { + onclick: -> + self.on-logout! + self.on-model-update! + } [ + "Log out" + ] + ] + + self + +module.exports = UserAdminPanel + diff --git a/src/authd.cr b/src/authd.cr index 793398e..f5dba38 100644 --- a/src/authd.cr +++ b/src/authd.cr @@ -82,6 +82,12 @@ class AuthD::Response initialize :user, :name, :extra end + class UsersList < Response + property users : Array(Passwd::User) + + initialize :users + end + # This creates a Request::Type enumeration. One entry for each request type. {% begin %} enum Type @@ -224,6 +230,11 @@ class AuthD::Request property new_password : String end + class Request::ListUsers < Request + property token : String? + property key : String? + end + # This creates a Request::Type enumeration. One entry for each request type. {% begin %} enum Type diff --git a/src/main.cr b/src/main.cr index 35e3637..6633f91 100644 --- a/src/main.cr +++ b/src/main.cr 
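Review bot: A rejected request is never handled in client/user-admin-panel.ls: only `users-list` has a listener, so when the server answers `unauthorized` (expired token, group removed) the table stays empty with no indication why. Register a listener for the error response as well (its event name comes from response-types in client/authws.ls and is not visible in this diff) and call `self.on-logout!` or show the message. The log-out `onclick` also leaves the socket open and `self.users` populated; assuming `authws.socket` is a plain WebSocket, adding `authws.socket.close!` and `self.users = []` there keeps the fetched account list from outliving the session.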
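Review bot: `property users : Array(Passwd::User)` in `Response::UsersList` puts whole user records into the reply, although the client table added in this commit shows only login, uid and gid. Whether `Passwd::User` carries a password hash is not visible here, but src/main.cr passes `password_hash:` to `@passwd.mod_user`, so this should be confirmed before the list is sent to a browser. If it does, return a reduced record with just those three fields; either way, document the intent with `# must never include password hashes; sent to admin clients as-is`.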
@@ -109,6 +109,22 @@ class AuthD::Service @passwd.mod_user user.uid, password_hash: password_hash Response::UserEdited.new user.uid + when Request::ListUsers + request.token.try do |token| + user = get_user_from_token token + + return Response::Error.new "unauthorized" unless user + + return Response::Error.new "unauthorized" unless user.groups.any? &.==("authd") + end + + request.key.try do |key| + return Response::Error.new "unauthorized" unless key == @jwt_key + end + + return Response::Error.new "unauthorized" unless request.key || request.token + + Response::UsersList.new @passwd.get_all_users else Response::Error.new "unhandled request type" end
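Review bot: The key branch of `when Request::ListUsers` compares the caller's value with `key == @jwt_key`, an ordinary comparison of the JWT signing secret that can stop at the first differing byte. Assuming `@jwt_key` is a String, use `return Response::Error.new "unauthorized" unless Crypto::Subtle.constant_time_compare(key, @jwt_key)` with `require "crypto/subtle"` at the top of the file. Accepting the signing key itself as a request credential also means every caller of this path holds a value that can mint tokens for any user; a separate service secret would limit that, and a comment should at least state which callers are expected to use `key`. The enclosing `case` starts outside the hunk.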