diff --git a/server/core/adminusers.cc b/server/core/adminusers.cc
index dd5070629..fc733a46b 100644
--- a/server/core/adminusers.cc
+++ b/server/core/adminusers.cc
@@ -38,7 +38,6 @@ static const char *admin_add_user(USERS** pusers, const char* fname,
                                   const char* uname, const char* password);
 static const char* admin_remove_user(USERS *users, const char* fname,
                                      const char *uname, const char *passwd);
-static bool admin_search_user(USERS *users, const char *uname);
 
 
 
@@ -89,11 +88,12 @@ static const char *admin_add_user(USERS** pusers, const char* fname,
         }
         fclose(fp);
     }
-    if (users_fetch(*pusers, (char*)uname) != NULL) // TODO: Make users const correct.
+
+    if (!users_add(*pusers, uname, password ? password : ""))
     {
         return ADMIN_ERR_DUPLICATE;
     }
-    users_add(*pusers, (char*)uname, password ? (char*)password : ""); // TODO: Make users const correct.
+
     if ((fp = fopen(path, "a")) == NULL)
     {
         MXS_ERROR("Unable to append to password file %s.", path);
@@ -130,7 +130,7 @@ static const char* admin_remove_user(USERS *users, const char* fname,
         return ADMIN_ERR_DELROOT;
     }
 
-    if (!admin_search_user(users, uname))
+    if (!users_find(users, uname))
     {
         MXS_ERROR("Couldn't find user %s. Removing user failed.", uname);
         return ADMIN_ERR_USERNOTFOUND;
@@ -147,7 +147,7 @@ static const char* admin_remove_user(USERS *users, const char* fname,
     }
 
     /** Remove user from in-memory structure */
-    users_delete(users, (char*)uname); // TODO: Make users const correct.
+    users_delete(users, uname);
 
     /**
      * Open passwd file and remove user from the file.
@@ -273,45 +273,6 @@ static const char* admin_remove_user(USERS *users, const char* fname,
     return ADMIN_SUCCESS;
 }
 
-/**
- * Check for existance of the user
- *
- * @param uname The user name to test
- * @return      True if the user exists
- */
-static bool admin_search_user(USERS *users, const char *uname)
-{
-    return (users_fetch(users, (char*)uname) != NULL); // TODO: Make users const correct.
-}
-
-/**
- */
-void dcb_print_users(DCB *dcb, const char* heading, USERS *users)
-{
-    dcb_printf(dcb, "%s", heading);
-
-    if (users)
-    {
-        HASHITERATOR *iter = hashtable_iterator(users->data);
-
-        if (iter)
-        {
-            const char *sep = "";
-            const char *user;
-
-            while ((user = (const char*)hashtable_next(iter)) != NULL)
-            {
-                dcb_printf(dcb, "%s%s", sep, user);
-                sep = ", ";
-            }
-
-            hashtable_iterator_free(iter);
-        }
-    }
-
-    dcb_printf(dcb, "%s", "\n");
-}
-
 static json_t* admin_user_json_data(const char* host, const char* user, enum user_type user_type)
 {
     ss_dassert(user_type != USER_TYPE_ALL);
@@ -330,15 +291,16 @@ static json_t* admin_user_json_data(const char* host, const char* user, enum use
 
 static void user_types_to_json(USERS* users, json_t* arr, const char* host, enum user_type type)
 {
-    const char* user;
-    HASHITERATOR *iter = hashtable_iterator(users->data);
+    json_t* json = users_diagnostic_json(users);
+    size_t index;
+    json_t* value;
 
-    while ((user = (const char*)hashtable_next(iter)))
+    json_array_foreach(json, index, value)
     {
-        json_array_append_new(arr, admin_user_json_data(host, user, type));
+        json_array_append_new(arr, admin_user_json_data(host, json_string_value(value), type));
     }
 
-    hashtable_iterator_free(iter);
+    json_decref(json);
 }
 
 static std::string path_from_type(enum user_type type)
@@ -507,7 +469,7 @@ bool admin_linux_account_enabled(const char *uname)
     }
     else if (linux_users)
     {
-        rv = admin_search_user(linux_users, uname);
+        rv = users_find(linux_users, uname);
     }
 
     return rv;
@@ -573,7 +535,7 @@ bool admin_inet_user_exists(const char *uname)
 
     if (inet_users)
     {
-        rv = admin_search_user(inet_users, uname);
+        rv = users_find(inet_users, uname);
     }
 
     return rv;
@@ -594,18 +556,9 @@ admin_verify_inet_user(const char *username, const char *password)
 
     if (inet_users)
     {
-        const char* pw = users_fetch(inet_users, (char*)username); // TODO: Make users const-correct.
-
-        if (pw)
-        {
-            char cpassword[MXS_CRYPT_SIZE];
-            mxs_crypt(password, ADMIN_SALT, cpassword);
-
-            if (strcmp(pw, cpassword) == 0)
-            {
-                rv = true;
-            }
-        }
+        char cpassword[MXS_CRYPT_SIZE];
+        mxs_crypt(password, ADMIN_SALT, cpassword);
+        rv = users_auth(inet_users, username, cpassword);
     }
     else
     {
@@ -626,6 +579,17 @@ admin_verify_inet_user(const char *username, const char *password)
  */
 void dcb_PrintAdminUsers(DCB *dcb)
 {
-    dcb_print_users(dcb, "Enabled Linux accounts (secure)    : ", linux_users);
-    dcb_print_users(dcb, "Created network accounts (insecure): ", inet_users);
+    dcb_printf(dcb, "Enabled Linux accounts (secure):\n");
+
+    if (linux_users)
+    {
+        users_diagnostic(dcb, linux_users);
+    }
+
+    dcb_printf(dcb, "Created network accounts (insecure):\n");
+
+    if (inet_users)
+    {
+        users_diagnostic(dcb, inet_users);
+    }
 }
diff --git a/server/core/test/testusers.cc b/server/core/test/testusers.cc
index 695ed2305..f99e89c39 100644
--- a/server/core/test/testusers.cc
+++ b/server/core/test/testusers.cc
@@ -34,20 +34,12 @@
 #include <string.h>
 
 #include <maxscale/users.h>
-
 #include <maxscale/log_manager.h>
 
-/**
- * test1    Allocate table of users and mess around with it
- *
-  */
-
-static int
-test1()
+static int test1()
 {
-    USERS      *users;
-    const char *authdata;
-    int        result, count;
+    USERS* users;
+    bool rv;
 
     /* Poll tests */
     ss_dfprintf(stderr,
@@ -56,33 +48,24 @@ test1()
     mxs_log_flush_sync();
     ss_info_dassert(NULL != users, "Allocating user table should not return NULL.");
     ss_dfprintf(stderr, "\t..done\nAdd a user");
-    count = users_add(users, "username", "authorisation");
+    rv = users_add(users, "username", "authorisation");
     mxs_log_flush_sync();
-    ss_info_dassert(1 == count, "Should add one user");
-    authdata = users_fetch(users, "username");
+    ss_info_dassert(rv, "Should add one user");
+    rv = users_auth(users, "username", "authorisation");
     mxs_log_flush_sync();
-    ss_info_dassert(NULL != authdata, "Fetch valid user must not return NULL");
-    ss_info_dassert(0 == strcmp("authorisation", authdata), "User authorisation should be correct");
-    ss_dfprintf(stderr, "\t..done\nPrint users");
-    usersPrint(users);
+    ss_info_dassert(rv, "Fetch valid user must not return NULL");
+    rv = users_auth(users, "username", "newauth");
     mxs_log_flush_sync();
-    ss_dfprintf(stderr, "\t..done\nUpdate a user");
-    count = users_update(users, "username", "newauth");
-    mxs_log_flush_sync();
-    ss_info_dassert(1 == count, "Should update just one user");
-    authdata = users_fetch(users, "username");
-    mxs_log_flush_sync();
-    ss_info_dassert(NULL != authdata, "Fetch valid user must not return NULL");
-    ss_info_dassert(0 == strcmp("newauth", authdata), "User authorisation should be correctly updated");
+    ss_info_dassert(rv, "Fetch valid user must not return NULL");
 
     ss_dfprintf(stderr, "\t..done\nAdd another user");
-    count = users_add(users, "username2", "authorisation2");
+    rv = users_add(users, "username2", "authorisation2");
     mxs_log_flush_sync();
-    ss_info_dassert(1 == count, "Should add one user");
+    ss_info_dassert(rv, "Should add one user");
     ss_dfprintf(stderr, "\t..done\nDelete a user.");
-    count = users_delete(users, "username");
+    rv = users_delete(users, "username");
     mxs_log_flush_sync();
-    ss_info_dassert(1 == count, "Should delete just one user");
+    ss_info_dassert(rv, "Should delete just one user");
     ss_dfprintf(stderr, "\t..done\nFree user table.");
     users_free(users);
     mxs_log_flush_sync();
diff --git a/server/modules/authenticator/CDCPlainAuth/cdc_plain_auth.c b/server/modules/authenticator/CDCPlainAuth/cdc_plain_auth.c
index 87680c992..c1ad0bdde 100644
--- a/server/modules/authenticator/CDCPlainAuth/cdc_plain_auth.c
+++ b/server/modules/authenticator/CDCPlainAuth/cdc_plain_auth.c
@@ -202,28 +202,27 @@ MXS_MODULE* MXS_CREATE_MODULE()
  * @return Authentication status
  * @note Authentication status codes are defined in cdc.h
  */
-static int cdc_auth_check(DCB *dcb, CDC_protocol *protocol, char *username, uint8_t *auth_data,
-                          unsigned int *flags)
+static int cdc_auth_check(DCB *dcb, CDC_protocol *protocol, char *username,
+                          uint8_t *auth_data, unsigned int *flags)
 {
+    int rval = CDC_STATE_AUTH_FAILED;
+
     if (dcb->listener->users)
     {
-        const char *user_password = users_fetch(dcb->listener->users, username);
+        /* compute SHA1 of auth_data */
+        uint8_t sha1_step1[SHA_DIGEST_LENGTH] = "";
+        char hex_step1[2 * SHA_DIGEST_LENGTH + 1] = "";
 
-        if (user_password)
+        gw_sha1_str(auth_data, SHA_DIGEST_LENGTH, sha1_step1);
+        gw_bin2hex(hex_step1, sha1_step1, SHA_DIGEST_LENGTH);
+
+        if (users_auth(dcb->listener->users, username, hex_step1))
         {
-            /* compute SHA1 of auth_data */
-            uint8_t sha1_step1[SHA_DIGEST_LENGTH] = "";
-            char hex_step1[2 * SHA_DIGEST_LENGTH + 1] = "";
-
-            gw_sha1_str(auth_data, SHA_DIGEST_LENGTH, sha1_step1);
-            gw_bin2hex(hex_step1, sha1_step1, SHA_DIGEST_LENGTH);
-
-            return memcmp(user_password, hex_step1, SHA_DIGEST_LENGTH) == 0 ?
-                   CDC_STATE_AUTH_OK : CDC_STATE_AUTH_FAILED;
+            rval = CDC_STATE_AUTH_OK;
         }
     }
 
-    return CDC_STATE_AUTH_FAILED;
+    return rval;
 }
 
 /**