diff --git a/api.go b/api.go
index 1ddb4ea..6bff15d 100644
--- a/api.go
+++ b/api.go
@@ -30,8 +30,7 @@ func checkLoginAPI(w http.ResponseWriter, r *http.Request) (*LoginStatus, error)
 
 	l := ldapOpen(w)
 	if l == nil {
-		log.Println(l)
-		http.Error(w, "Internal server error", http.StatusInternalServerError)
+		log.Println("Unable to open LDAP connection")
 		return nil, errors.New("Unable to open LDAP connection")
 	}
 
@@ -154,7 +153,7 @@ func handleAPIGarageBucket(w http.ResponseWriter, r *http.Request) {
 func buildBucketRequest(w http.ResponseWriter, r *http.Request) (*BucketRequest, error) {
 	_, s3key, err := checkLoginAndS3API(w, r)
 	if err != nil {
-		http.Error(w, "Unable to connect on LDAP", http.StatusUnauthorized)
+		//http.Error(w, "Unable to connect on LDAP", http.StatusUnauthorized)
 		return nil, err
 	}
 
diff --git a/cli.go b/cli.go
new file mode 100644
index 0000000..df11460
--- /dev/null
+++ b/cli.go
@@ -0,0 +1,44 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"os"
+   	"syscall"
+	"golang.org/x/term"
+)
+
+var fsCli = flag.NewFlagSet("cli", flag.ContinueOnError)
+var passFlag = fsCli.Bool("passwd", false, "Tool to generate a guichet-compatible password hash")
+
+func cliMain(args []string) {
+	if err := fsCli.Parse(args); err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+
+	if *passFlag {
+		cliPasswd()
+	} else {
+		fsCli.PrintDefaults()
+		os.Exit(1)
+	}
+}
+
+func cliPasswd() {
+	fmt.Print("Password: ")
+    	bytepw, err := term.ReadPassword(int(syscall.Stdin))
+    	if err != nil {
+		fmt.Println(err)
+        	os.Exit(1)
+    	}
+    	pass := string(bytepw)
+
+	hash, err := SSHAEncode(pass)
+    	if err != nil {
+		fmt.Println(err)
+        	os.Exit(1)
+    	}
+
+	fmt.Println(hash)
+}
diff --git a/go.mod b/go.mod
index bacf791..56bd9f6 100644
--- a/go.mod
+++ b/go.mod
@@ -14,6 +14,7 @@ require (
 	github.com/minio/minio-go/v7 v7.0.0
 	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
 	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
+	golang.org/x/term v0.12.0
 )
 
 require (
@@ -29,7 +30,7 @@ require (
 	github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 // indirect
 	golang.org/x/net v0.0.0-20200822124328-c89045814202 // indirect
 	golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558 // indirect
-	golang.org/x/sys v0.0.0-20200803210538-64077c9b5642 // indirect
+	golang.org/x/sys v0.12.0 // indirect
 	golang.org/x/text v0.3.3 // indirect
 	google.golang.org/appengine v1.6.6 // indirect
 	google.golang.org/protobuf v1.25.0 // indirect
diff --git a/go.sum b/go.sum
index 3e2e72d..ae748fd 100644
--- a/go.sum
+++ b/go.sum
@@ -278,8 +278,11 @@ golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642 h1:B6caxRw+hozq68X2MY7jEpZh/cr4/aHLv9xU8Kkadrw=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/main.go b/main.go
index 8bfb2f8..c809d25 100644
--- a/main.go
+++ b/main.go
@@ -58,7 +58,8 @@ type ConfigFile struct {
 	S3Bucket    string `json:"s3_bucket"`
 }
 
-var configFlag = flag.String("config", "./config.json", "Configuration file path")
+var fsServer = flag.NewFlagSet("server", flag.ContinueOnError)
+var configFlag = fsServer.String("config", "./config.json", "Configuration file path")
 
 var config *ConfigFile
 
@@ -114,8 +115,25 @@ func getTemplate(name string) *template.Template {
 }
 
 func main() {
-	flag.Parse()
+	if len(os.Args) < 2 {
+		server(os.Args[1:])
+		return
+	}
 
+	switch os.Args[1] {
+		case "cli":
+			cliMain(os.Args[2:])
+		case "server":
+			server(os.Args[2:])
+		default:
+			log.Println("Usage: guichet [server|cli] --help")
+			os.Exit(1)
+	}
+}
+
+func server(args []string) {
+	log.Println("Starting Guichet Server")
+	fsServer.Parse(args)
 	config_file := readConfig()
 	config = &config_file