diff --git a/clientsdb.py b/clientsdb.py
index 48afd05..b7e6ecd 100644
--- a/clientsdb.py
+++ b/clientsdb.py
@@ -4,12 +4,14 @@
 #import site packages
 import json
+import hmac
+import bcrypt
 #import local packages
 import ioconfig
 import utils
-def addclient(vmid, vmname, clientid, clientname, srvuser, srvpass):
+def addclient(vmid, vmname, clientid, clientname, srvpass):
 """ add new client to the clientsdb.json """
 clientsdb = readclientsdb()
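Review bot: Dropping `srvuser` from `addclient`'s signature leaves a dangling reference: the new `vmdata` line in the next hunk (`@@ -21,12 +23,73 @@`) still builds `'username':str(srvuser)`, so unless a module-level `srvuser` exists outside the visible lines, every call raises NameError before the record is written. Either remove the key, `vmdata = { 'hostname':str(vmname), 'vmid':str(vmid), 'ownerid':str(clientid), 'password': str(srvpass) }`, or keep the parameter. That same line still writes `srvpass` in clear under `'password'` next to the new bcrypt `encpasswd` field; if nothing reads the cleartext back, it should not be stored at all. The body of addclient continues outside this hunk.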
@@ -21,12 +23,73 @@ def addclient(vmid, vmname, clientid, clientname, srvuser, srvpass):
 newclient = { str(clientid):vcard }
 clientsdb.update(newclient)
 ioconfig.logger.info('clients> vmid ' + vmid + ' will be owned by ' + clientid + ' (' + clientname + ')')
- vmdata = { 'name':str(vmname), 'vmid':str(vmid), 'ownerid':str(clientid), 'username':str(srvuser), 'password': str(srvpass) }
+ vmdata = { 'hostname':str(vmname), 'vmid':str(vmid), 'ownerid':str(clientid), 'username':str(srvuser), 'password': str(srvpass) }
 clientsdb[str(clientid)][str(vmid)] = vmdata
 writeclientsdb(clientsdb)
+def validate(vmname, srvpass):
+ """ return true or false if credentials match something in clientdb. useful for authing extrnal admin panels """
+ try:
+ clientsdb = readclientsdb()
+ path = utils.find_key(clientsdb, vmname)
+ c_id = str(path[0])
+ v_id = str(path[1])
+ #check the returned path with forward query
+ query = clientsdb[c_id][v_id]['hostname']
+ except:
+ return False
+
+ #double check
+ if query != vmname:
+ return False
+ else:
+ #try to capture the encrypted password
+ try:
+ encpass = clientsdb[c_id][v_id]['encpasswd']
+ except:
+ return False
+
+ #compare it with the requested password
+ b_srvpass = srvpass.encode('utf-8')
+ b_encpass = encpass.encode('utf-8')
+ if (hmac.compare_digest(bcrypt.hashpw(b_srvpass, b_encpass), b_encpass)):
+ #login successful
+ ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) was validated successfully!'.format(query, c_id, v_id))
+ print('the gates are open!')
+ return True
+
+ print('boo.')
+ return False
+
+
+def setencpasswd(vmname, newpass):
+ """ setup a new management password """
+ salt = bcrypt.gensalt()
+ b_newpass = newpass.encode('utf-8')
+ encpasswd = bcrypt.hashpw(b_newpass, salt).decode('utf-8')
+
+ try:
+ clientsdb = readclientsdb()
+ print(clientsdb)
+ path = utils.find_key(clientsdb, vmname)
+ print(path)
+ c_id = str(path[0])
+ v_id = str(path[1])
+ #check the returned path with forward query
+ query = clientsdb[c_id][v_id]['hostname']
+ except:
+ raise
+
+ if query != vmname:
+ raise
+ else:
+ clientsdb[c_id][v_id]['encpasswd'] = encpasswd
+ ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) got its password changed!'.format(query, c_id, v_id))
+ writeclientsdb(clientsdb)
+
+
 def vmowner(vmid, vmname, verbose):
 """ find the owner of the vm """
 clientsdb = readclientsdb()
@@ -61,3 +124,7 @@ def writeclientsdb(clientsdb):
 json.dump(clientsdb, dbw)
 dbw.close()
+
+if __name__ == '__main__':
+ setencpasswd('srv.test1.com', 'todos')
+ validate('srv.test1.com', 'todos')
diff --git a/plugin.py b/plugin.py
index 7d011d6..89d94bf 100644
--- a/plugin.py
+++ b/plugin.py
@@ -119,9 +119,8 @@ def vmcreate(req):
 #populate the client db and vm journal
 client_id = req['clientid']
 client_name = req['clientname']
- srv_user = req['username']
 srv_pass = req['password']
- clientsdb.addclient(vm_id, vm_name, client_id, client_name, srv_user, srv_pass)
+ clientsdb.addclient(vm_id, vm_name, client_id, client_name, srv_pass)
 journaldb.createjnode(vm_id, region_id, slave_id)
 #start the machihe
diff --git a/utils.py b/utils.py
index aae9bc2..7d41de8 100644
--- a/utils.py
+++ b/utils.py
@@ -51,18 +51,15 @@ def get_rec(search_dict, field):
 return fields_found
-def gen_dict_extract(key, var):
- if hasattr(var,'iteritems'):
- for k, v in var.iteritems():
- if k == key:
- yield v
- if isinstance(v, dict):
- for result in gen_dict_extract(key, v):
- yield result
- elif isinstance(v, list):
- for d in v:
- for result in gen_dict_extract(key, d):
- yield result
+def find_key(search_dict, key):
+ """ takes a nested dict and returns the path for the searched value """
+ for k,v in search_dict.items():
+ if isinstance(v,dict):
+ p = find_key(v,key)
+ if p:
+ return [k] + p
+ elif v == key:
+ return [k]
 def chained_get(dct, *keys):
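Review bot: In clientsdb.py, `setencpasswd` prints the whole clients database and the lookup path to stdout (`print(clientsdb)`, `print(path)`), which exposes every stored `password` value and bcrypt hash to whatever captures the process output; those prints should go, along with `print('the gates are open!')` and `print('boo.')` in `validate`. `if query != vmname: raise` has no active exception to re-raise, so it surfaces as a RuntimeError; `raise ValueError('hostname lookup mismatch')` would state the intent. In `validate`, `bcrypt.checkpw(b_srvpass, b_encpass)` does the hash and constant-time comparison in one call and makes `import hmac` unnecessary; it should sit inside the fail-closed handling so a malformed stored hash returns False instead of raising out of the function. The rejection paths log nothing, so failed attempts leave no trace for monitoring; an `ioconfig.logger.warning(...)` that names the hostname but never the submitted password would cover that.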
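Review bot: The `__main__` block added at the end of clientsdb.py is not a dry run: executing the module calls `setencpasswd('srv.test1.com', 'todos')`, which goes through `writeclientsdb`. If that hostname exists in the deployed clientsdb.json, its management password is reset to a value that is now in the repository history. This scaffolding belongs in a test that points at a temporary database file; the proposal is to drop these lines from the module.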
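Review bot: In plugin.py `vmcreate`, `srv_pass = req['password']` is still handed to `addclient`, which stores it unhashed, and nothing visible in this commit calls `setencpasswd` at creation time. A newly created VM therefore appears to end up with a cleartext `password` and no `encpasswd`, and `validate` would return False for it until a hash is set by hand. If that is not intended, adding `clientsdb.setencpasswd(vm_name, srv_pass)` after the `addclient` call would close the gap, assuming `vm_name` is the same value that is stored as `hostname`. vmcreate's body starts and ends outside this hunk, so the surrounding flow cannot be checked from here.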
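Review bot: `find_key` in utils.py searches for a leaf value rather than a key, and falls off the end with an implicit None when nothing matches; neither its name, its `key` parameter nor its docstring tells the caller this. Both new callers in clientsdb.py index the result directly (`path[0]`), so a miss becomes a TypeError that `validate` only survives because of its bare `except:`. Suggested docstring: `""" return the list of keys leading to the first leaf equal to key, or None if no leaf matches """`, with an explicit `return None` after the loop. It also returns the first match in iteration order, so any other stored field that happens to equal the hostname could be returned instead of the VM entry. Whether anything else still uses the removed `gen_dict_extract` cannot be seen from this diff.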