pbs_tfa_delete
Permanently remove a TFA entry from a PBS user. Run with confirm=false to preview lockout and takeover risks before executing.
Instructions
MUTATION (HIGH, IRREVERSIBLE): permanently remove one TFA factor from a user. HIGH because
it WEAKENS authentication — an account-takeover enabler, and a lockout if it's the user's last
factor on a TFA-required realm. Dry-run by default — the PLAN flags the permanence and the
takeover/lockout risk. password, if supplied, is redacted identically to pbs_tfa_add's.
confirm=True executes and returns a dict; synchronous, no UPID. Needs PROXIMO_PBS_* config.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| tfa_id | Yes | TFA entry id to remove. | |
| userid | Yes | PBS user id, format 'user@realm'. | |
| confirm | No | False (default) returns a dry-run PLAN preview; True executes the mutation. | |
| password | No | The ACTING user's own current password; redacted from all plans/logs/ledger. | |
| proximo_target | No | Which configured Proxmox target to run this call against — a target name from your multi-target config (a specific PVE/PBS/PMG/PDM box). Omit to use the single/default target from the environment; the selection applies only to this call. |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |