diff --git a/src/client/lib/authd_api.cr b/src/client/lib/authd_api.cr index 28e4dd7..da8a8fb 100644 --- a/src/client/lib/authd_api.cr +++ b/src/client/lib/authd_api.cr @@ -1,13 +1,16 @@ -def authd_get_token(key_file : String? = nil, login : String? = nil, pass : String? = nil) +def authd_get_token(login : String? = nil, pass : String? = nil) authd = AuthD::Client.new - key_file.try do |file| # FIXME: fail if missing? - authd.key = File.read(file).chomp + + response = authd.login? login, pass + case response + when Response::Login + authd.close + uid = response.uid + token = response.token + Baguette::Log.info "Authenticated as #{login} #{uid}, token: #{token}" + return token end - - token = authd.get_token? login, pass - raise "cannot get a token" if token.nil? authd.close - - token + raise "Cannot authenticate to authd with login #{login}: #{response}." end diff --git a/src/client/lib/dnsmanager-client.cr b/src/client/lib/dnsmanager-client.cr index bc5f4f5..d3da439 100644 --- a/src/client/lib/dnsmanager-client.cr +++ b/src/client/lib/dnsmanager-client.cr @@ -85,8 +85,8 @@ class DNSManager::Client < IPC # Admin stuff. # - def admin_maintenance(key : String, subject : Request::Maintenance::Subject, value : Int32? = nil) - request = Request::Maintenance.new(key,subject) + def admin_maintenance(subject : Request::Maintenance::Subject, value : Int32? = nil) + request = Request::Maintenance.new(subject) if value request.value = value end diff --git a/src/client/main.cr b/src/client/main.cr index c67eeb7..e6d3510 100644 --- a/src/client/main.cr +++ b/src/client/main.cr 
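Review bot: The added `Baguette::Log.info` line in `authd_get_token` writes the freshly issued token into the log, so anyone who can read the client's log output can reuse it for as long as the token stays valid. Log only the identity, for example `Baguette::Log.info "Authenticated as #{login} (uid #{uid})"`. The new `raise` message also interpolates `#{response}`; it is worth confirming that no response type renders credential or token material when converted to a string.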
@@ -25,12 +25,11 @@ end class Actions property the_call = {} of String => Proc(Nil) property dnsmanagerd : DNSManager::Client - #property authd : AuthD::Client + property authd : AuthD::Client #property authd_config : Baguette::Configuration::Auth - property authd_key : String? = nil property config : Baguette::Configuration::DNSManager - def initialize(@dnsmanagerd, @config, @authd_key = nil) + def initialize(@dnsmanagerd, @config) # # Admin section. # @@ -49,6 +48,8 @@ class Actions @the_call["user-rr-del"] = ->user_rr_del @the_call["user-domain-list"] = ->user_domain_list + + @authd = AuthD::Client.new end def admin_maintenance @@ -66,11 +67,11 @@ class Actions if past_is_verbosity sub = DNSManager::Request::Maintenance::Subject::Verbosity value = subject.to_i - @dnsmanagerd.admin_maintenance authd_key.not_nil!, sub, value + @dnsmanagerd.admin_maintenance sub, value else sub = DNSManager::Request::Maintenance::Subject.parse(subject) pp! sub - pp! @dnsmanagerd.admin_maintenance authd_key.not_nil!, sub + pp! @dnsmanagerd.admin_maintenance sub end rescue e puts "error for admin_maintenance #{subject}: #{e.message}" @@ -175,9 +176,6 @@ def main # Configuration file is for dnsmanagerd. Baguette::Configuration::Auth.get || Baguette::Configuration::Auth.new end - if key_file = authd_config.shared_key_file - authd_config.shared_key = File.read(key_file).chomp - end # Authd configuration. config = if no_configuration @@ -216,8 +214,7 @@ def main Baguette::Log.info "logged." end - #authd = AuthD::Client.new - actions = Actions.new dnsmanagerd, config, authd_config.shared_key + actions = Actions.new dnsmanagerd, config # Now we did read the intent, we should proceed doing what was asked. begin @@ -228,7 +225,6 @@ def main # dnsmanagerd disconnection dnsmanagerd.close - #authd.close rescue e Baguette::Log.info "Exception: #{e}" end diff --git a/src/client/parser.cr b/src/client/parser.cr index c6c3ad6..295cfd3 100644 --- a/src/client/parser.cr +++ b/src/client/parser.cr 
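Review bot: `@authd = AuthD::Client.new` at the end of `Actions#initialize` (hunk `@@ -49,6 +48,8 @@`) creates an authd client on every invocation, yet none of the visible hunks uses `@authd` or closes it; the last hunk drops the commented `#authd.close` and only `dnsmanagerd.close` remains. If the constructor opens a connection to the auth daemon (authd_api.cr calls `authd.close` on the same type, which suggests it does), that connection stays open until the process exits. Either create the client lazily in the action that needs it, or add `actions.authd.close` next to `dnsmanagerd.close` in `main`. Both `initialize` and `main` continue outside the hunks shown.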
@@ -14,13 +14,6 @@ end def parsing_cli(authd_config : Baguette::Configuration::Auth) - opt_authd_admin = -> (parser : OptionParser, authd_config : Baguette::Configuration::Auth) { - parser.on "-k file", "--key-file file", "Read the authd shared key from a file." do |file| - authd_config.shared_key = File.read(file).chomp - Baguette::Log.info "Key for admin operations: #{authd_config.shared_key}." - end - } - # frequently used functions opt_authd_login = -> (parser : OptionParser, authd_config : Baguette::Configuration::Auth) { parser.on "-l LOGIN", "--login LOGIN", "Authd user login." do |login| @@ -96,8 +89,6 @@ def parsing_cli(authd_config : Baguette::Configuration::Auth) # Admin section. parser.on "admin", "Admin operations." do parser.banner = "Admin operations (requires secret via -k)." - # All admin operations require the shared key. - opt_authd_admin.call parser, authd_config # Maintenance. parser.on("maintenance", "Maintenance operation of the website.") do diff --git a/src/requests/admin.cr b/src/requests/admin.cr index 8d82f4e..c80ef81 100644 --- a/src/requests/admin.cr +++ b/src/requests/admin.cr @@ -6,16 +6,15 @@ class DNSManager::Request Verbosity # Change the verbosity of dnsmanagerd. end - property key : String property subject : Subject property value : Int32? - def initialize(@key, @subject) + def initialize(@subject) end def handle(dnsmanagerd : DNSManager::Service, event : IPC::Event) : IPC::JSON # This request means serious business. - raise AdminAuthorizationException.new if key != dnsmanagerd.authd.key + # TODO: check for admin. case @subject when Subject::Verbosity diff --git a/src/requests/login.cr b/src/requests/login.cr index ac08176..5e9ef53 100644 --- a/src/requests/login.cr +++ b/src/requests/login.cr 
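Review bot: The context line `parser.banner = "Admin operations (requires secret via -k)."` in hunk `@@ -96,8 +89,6 @@` still advertises the `-k` option that this commit removes, so the admin help text documents a credential mechanism that no longer exists. Update it to match the new model, e.g. `parser.banner = "Admin operations (requires an authenticated admin login)."`. `parsing_cli` continues outside the hunk.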
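Review bot: `Request::Maintenance#handle` in admin.cr loses its only authorization check: the shared-key comparison is replaced by `# TODO: check for admin.`, so as far as this hunk shows, any client able to send the request can trigger maintenance actions such as `Subject::Verbosity`. The matching changes in dnsmanager-client.cr (`admin_maintenance`) and main.cr only drop the key argument, so nothing on the client side compensates. Until the admin lookup exists the handler should at least require an authenticated session, e.g. `user = dnsmanagerd.logged_users[event.fd]?` followed by `raise AdminAuthorizationException.new if user.nil?`, assuming `logged_users` is the fd-keyed map that login.cr writes to; the actual admin test still has to be added on top. `handle` continues outside the hunk.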
@@ -6,15 +6,18 @@ class DNSManager::Request end def handle(dnsmanagerd : DNSManager::Service, event : IPC::Event) - user, _ = dnsmanagerd.decode_token token - dnsmanagerd.logged_users[event.fd] = user - - return dnsmanagerd.storage.ensure_user_data user.uid - - # In case we want to log their last connection. - #dnsmanagerd.auth.edit_profile_content user.uid, { - # "dnsmanager-last-connection" => JSON::Any.new Time.utc.to_s - #} + response = dnsmanagerd.decode_token token + case response + when AuthD::Response::User + dnsmanagerd.logged_users[event.fd] = response.user + # In case we want to log their last connection. + #dnsmanagerd.auth.edit_profile_content user.uid, { + # "dnsmanager-last-connection" => JSON::Any.new Time.utc.to_s + #} + dnsmanagerd.storage.ensure_user_data response.user.uid + else + Response::ErrorInvalidToken.new + end rescue e # FIXME: Should those be logged? Response::Error.new "unauthorized" diff --git a/src/responses/error.cr b/src/responses/error.cr index 5c506be..9d51538 100644 --- a/src/responses/error.cr +++ b/src/responses/error.cr @@ -6,4 +6,10 @@ class DNSManager::Response end end DNSManager.responses << Error + + IPC::JSON.message ErrorInvalidToken, 2 do + def initialize() + end + end + DNSManager.responses << ErrorInvalidToken end
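Review bot: Neither failure path of the new `handle` in login.cr records the rejected login: the `else` branch returns `Response::ErrorInvalidToken.new` silently and the `rescue e` below still discards `e` (its FIXME asks the same question), so repeated invalid tokens leave no trace for detection. Log the event without the token itself, e.g. `Baguette::Log.info "login rejected on fd #{event.fd}: invalid token"` in the `else` branch, and the exception class in the `rescue`. It is also worth deciding whether a failed login should remove an earlier `logged_users[event.fd]` entry for the same descriptor; as written the previously logged user stays attached. The enclosing class starts outside the hunk.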