pve_tfa_delete
Remove a user's TFA factor on Proxmox VE. Dry-run by default; confirm=True to execute. This weakens account security and can lock the user out.
Instructions
MUTATION (HIGH RISK): delete a user's TFA factor. Dry-run by default — the PLAN shows how many
factors remain and warns this WEAKENS the account (and can lock the user out if it's the last
factor on a TFA-required realm). password (if PVE requires it) is passed through but never
logged. confirm=True to execute.
NOTE (live-verified PVE 9.1.7): PVE requires a ticket-based login session — NOT an API token —
to mutate TFA, returning 403 ... need proper ticket under token auth. Proximo is token-authed,
so this delete will 403 on PVE; the read tools (pve_tfa_get/pve_tfa_list) work normally.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| tfa_id | Yes | ||
| userid | Yes | ||
| confirm | No | ||
| password | No | ||
| proximo_target | No | Which configured Proxmox target to run this call against — a target name from your multi-target config (a specific PVE/PBS/PMG/PDM box). Omit to use the single/default target from the environment; the selection applies only to this call. |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |