remove wrong commit

16 files changed, 0 insertions, 671 deletions

diff --git a/server/modules/pam-hso/etc/ldap.conf b/server/modules/pam-hso/etc/ldap.conf
deleted file mode 100644
index 086e58c1..00000000
--- a/server/modules/pam-hso/etc/ldap.conf
+++ /dev/null
@@ -1,297 +0,0 @@
-###DEBCONF###
-##
-## Configuration of this file will be managed by debconf as long as the
-## first line of the file says '###DEBCONF###'
-##
-## You should use dpkg-reconfigure to configure this file via debconf
-##
-
-#
-# @(#)$Id: ldap.conf,v 1.38 2006/05/15 08:13:31 lukeh Exp $
-#
-# This is the configuration file for the LDAP nameservice
-# switch library and the LDAP PAM module.
-#
-# PADL Software
-# http://www.padl.com
-#
-
-# Your LDAP server. Must be resolvable without using LDAP.
-# Multiple hosts may be specified, each separated by a 
-# space. How long nss_ldap takes to failover depends on
-# whether your LDAP client library supports configurable
-# network or connect timeouts (see bind_timelimit).
-#host 127.0.0.1
-
-# The distinguished name of the search base.
-base o=fho
-
-# Another way to specify your LDAP server is to provide an
-uri ldaps://fs3.rz.hs-offenburg.de
-# Unix Domain Sockets to connect to a local LDAP Server.
-#uri ldap://127.0.0.1/
-#uri ldaps://127.0.0.1/   
-#uri ldapi://%2fvar%2frun%2fldapi_sock/
-# Note: %2f encodes the '/' used as directory separator
-
-# The LDAP version to use (defaults to 3
-# if supported by client library)
-ldap_version 3
-
-# The distinguished name to bind to the server with.
-# Optional: default is to bind anonymously.
-binddn cn=ldap_proxy_openslx,ou=misc,o=fho
-
-# The credentials to bind with. 
-# Optional: default is no credential.
-bindpw !N4ye,04u.!N4ye,04u.!N4ye,04u.
-
-# The distinguished name to bind to the server with
-# if the effective user ID is root. Password is
-# stored in /etc/ldap.secret (mode 600)
-#rootbinddn cn=manager,dc=padl,dc=com
-
-# The port.
-# Optional: default is 389.
-#port 389
-
-# The search scope.
-#scope sub
-#scope one
-#scope base
-
-# Search timelimit
-#timelimit 30
-
-# Bind/connect timelimit
-#bind_timelimit 30
-
-# Reconnect policy: hard (default) will retry connecting to
-# the software with exponential backoff, soft will fail
-# immediately.
-#bind_policy hard
-
-# Idle timelimit; client will close connections
-# (nss_ldap only) if the server has not been contacted
-# for the number of seconds specified below.
-#idle_timelimit 3600
-
-# Filter to AND with uid=%s
-#pam_filter objectclass=account
-
-# The user ID attribute (defaults to uid)
-#pam_login_attribute uid
-
-# Search the root DSE for the password policy (works
-# with Netscape Directory Server)
-#pam_lookup_policy yes
-
-# Check the 'host' attribute for access control
-# Default is no; if set to yes, and user has no
-# value for the host attribute, and pam_ldap is
-# configured for account management (authorization)
-# then the user will not be allowed to login.
-#pam_check_host_attr yes
-
-# Check the 'authorizedService' attribute for access
-# control
-# Default is no; if set to yes, and the user has no
-# value for the authorizedService attribute, and
-# pam_ldap is configured for account management
-# (authorization) then the user will not be allowed
-# to login.
-#pam_check_service_attr yes
-
-# Group to enforce membership of
-#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com
-
-# Group member attribute
-#pam_member_attribute uniquemember
-
-# Specify a minium or maximum UID number allowed
-#pam_min_uid 0
-#pam_max_uid 0
-
-# Template login attribute, default template user
-# (can be overriden by value of former attribute
-# in user's entry)
-#pam_login_attribute userPrincipalName
-#pam_template_login_attribute uid
-#pam_template_login nobody
-
-# HEADS UP: the pam_crypt, pam_nds_passwd,
-# and pam_ad_passwd options are no
-# longer supported.
-#
-# Do not hash the password at all; presume
-# the directory server will do it, if
-# necessary. This is the default.
-pam_password md5
-
-# Hash password locally; required for University of
-# Michigan LDAP server, and works with Netscape
-# Directory Server if you're using the UNIX-Crypt
-# hash mechanism and not using the NT Synchronization
-# service. 
-#pam_password crypt
-
-# Remove old password first, then update in
-# cleartext. Necessary for use with Novell
-# Directory Services (NDS)
-#pam_password clear_remove_old
-#pam_password nds
-
-# RACF is an alias for the above. For use with
-# IBM RACF
-#pam_password racf
-
-# Update Active Directory password, by
-# creating Unicode password and updating
-# unicodePwd attribute.
-#pam_password ad
-
-# Use the OpenLDAP password change
-# extended operation to update the password.
-#pam_password exop
-
-# Redirect users to a URL or somesuch on password
-# changes.
-#pam_password_prohibit_message Please visit http://internal to change your password.
-
-# RFC2307bis naming contexts
-# Syntax:
-# nss_base_XXX		base?scope?filter
-# where scope is {base,one,sub}
-# and filter is a filter to be &'d with the
-# default filter.
-# You can omit the suffix eg:
-# nss_base_passwd	ou=People,
-# to append the default base DN but this
-# may incur a small performance impact.
-#nss_base_passwd	ou=People,dc=padl,dc=com?one
-#nss_base_shadow	ou=People,dc=padl,dc=com?one
-#nss_base_group		ou=Group,dc=padl,dc=com?one
-#nss_base_hosts		ou=Hosts,dc=padl,dc=com?one
-#nss_base_services	ou=Services,dc=padl,dc=com?one
-#nss_base_networks	ou=Networks,dc=padl,dc=com?one
-#nss_base_protocols	ou=Protocols,dc=padl,dc=com?one
-#nss_base_rpc		ou=Rpc,dc=padl,dc=com?one
-#nss_base_ethers	ou=Ethers,dc=padl,dc=com?one
-#nss_base_netmasks	ou=Networks,dc=padl,dc=com?ne
-#nss_base_bootparams	ou=Ethers,dc=padl,dc=com?one
-#nss_base_aliases	ou=Aliases,dc=padl,dc=com?one
-#nss_base_netgroup	ou=Netgroup,dc=padl,dc=com?one
-
-# attribute/objectclass mapping
-# Syntax:
-#nss_map_attribute	rfc2307attribute	mapped_attribute
-#nss_map_objectclass	rfc2307objectclass	mapped_objectclass
-
-# configure --enable-nds is no longer supported.
-# NDS mappings
-#nss_map_attribute uniqueMember member
-
-# Services for UNIX 3.5 mappings
-#nss_map_objectclass posixAccount User
-#nss_map_objectclass shadowAccount User
-#nss_map_attribute uid msSFU30Name
-#nss_map_attribute uniqueMember msSFU30PosixMember
-#nss_map_attribute userPassword msSFU30Password
-#nss_map_attribute homeDirectory msSFU30HomeDirectory
-#nss_map_attribute homeDirectory msSFUHomeDirectory
-#nss_map_objectclass posixGroup Group
-#pam_login_attribute msSFU30Name
-#pam_filter objectclass=User
-#pam_password ad
-
-# configure --enable-mssfu-schema is no longer supported.
-# Services for UNIX 2.0 mappings
-#nss_map_objectclass posixAccount User
-#nss_map_objectclass shadowAccount user
-#nss_map_attribute uid msSFUName
-#nss_map_attribute uniqueMember posixMember
-#nss_map_attribute userPassword msSFUPassword
-#nss_map_attribute homeDirectory msSFUHomeDirectory
-#nss_map_attribute shadowLastChange pwdLastSet
-#nss_map_objectclass posixGroup Group
-#nss_map_attribute cn msSFUName
-#pam_login_attribute msSFUName
-#pam_filter objectclass=User
-#pam_password ad
-
-# RFC 2307 (AD) mappings
-#nss_map_objectclass posixAccount user
-#nss_map_objectclass shadowAccount user
-#nss_map_attribute uid sAMAccountName
-#nss_map_attribute homeDirectory unixHomeDirectory
-#nss_map_attribute shadowLastChange pwdLastSet
-#nss_map_objectclass posixGroup group
-#nss_map_attribute uniqueMember member
-#pam_login_attribute sAMAccountName
-#pam_filter objectclass=User
-#pam_password ad
-
-# configure --enable-authpassword is no longer supported
-# AuthPassword mappings
-#nss_map_attribute userPassword authPassword
-
-# AIX SecureWay mappings
-#nss_map_objectclass posixAccount aixAccount
-#nss_base_passwd ou=aixaccount,?one
-#nss_map_attribute uid userName
-#nss_map_attribute gidNumber gid
-#nss_map_attribute uidNumber uid
-#nss_map_attribute userPassword passwordChar
-#nss_map_objectclass posixGroup aixAccessGroup
-#nss_base_group ou=aixgroup,?one
-#nss_map_attribute cn groupName
-#nss_map_attribute uniqueMember member
-#pam_login_attribute userName
-#pam_filter objectclass=aixAccount
-#pam_password clear
-
-# Netscape SDK LDAPS
-#ssl on
-
-# Netscape SDK SSL options
-#sslpath /etc/ssl/certs
-
-# OpenLDAP SSL mechanism
-# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
-#ssl start_tls
-#ssl on
-
-# OpenLDAP SSL options
-# Require and verify server certificate (yes/no)
-# Default is to use libldap's default behavior, which can be configured in
-# /etc/openldap/ldap.conf using the TLS_REQCERT setting.  The default for
-# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
-#tls_checkpeer yes
-
-# CA certificates for server certificate verification
-# At least one of these are required if tls_checkpeer is "yes"
-#tls_cacertfile /etc/ssl/ca.cert
-#tls_cacertdir /etc/ssl/certs
-
-# Seed the PRNG if /dev/urandom is not provided
-#tls_randfile /var/run/egd-pool
-
-# SSL cipher suite
-# See man ciphers for syntax
-#tls_ciphers TLSv1
-
-# Client certificate and key
-# Use these, if your server requires client authentication.
-#tls_cert
-#tls_key
-
-# Disable SASL security layers. This is needed for AD.
-#sasl_secprops maxssf=0
-
-# Override the default Kerberos ticket cache location.
-#krb5_ccname FILE:/etc/.ldapcache
-
-# SASL mechanism for PAM authentication - use is experimental
-# at present and does not support password policy control
-#pam_sasl_mech DIGEST-MD5
-nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,nslcd,proxy,pulse,root,rtkit,saned,speech-dispatcher,sync,sys,syslog,usbmux,uucp,whoopsie,www-data
diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_close b/server/modules/pam-hso/etc/pam-script/pam_script_ses_close
deleted file mode 100755
index dc7b5bd7..00000000
--- a/server/modules/pam-hso/etc/pam-script/pam_script_ses_close
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
-
-echo "[$PAM_TYPE] Closing session for $PAM_USER"
-
-[ $(id -g $PAM_USER) -eq 1001 ] && umount /home/$PAM_USER
-
diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open
deleted file mode 100755
index 4cf6bf58..00000000
--- a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
-
-
-#check who is logged in to put the "Home"-Folder on the correct Desktop
-#Doesn't work with root!
-#export loggedInUser=$(whoami)
-[ ! -z "$PAM_USER" ] && export loggedInUser="$PAM_USER"
-
-
-#create Folder on Desktop to link with H-Drive, if not already existent
-if [ ! -d /home/users/$loggedInUser ]; then
-	mkdir -p /home/users/$loggedInUser
-fi
-
-
-#ask for username
-#read -p "Benutzername: " username
-
-
-#mount H-Drive
-ncpmount -A fs1-2-home.rz.hs-offenburg.de -S fs1-2-home.rz.hs-offenburg.de -V HOME/USERS/$loggedInUser -U $loggedInUser.HRZ.FHO /home/users/$loggedInUser
-
diff --git a/server/modules/pam-hso/etc/pam.d/common-account b/server/modules/pam-hso/etc/pam.d/common-account
deleted file mode 100644
index 3a5d5a14..00000000
--- a/server/modules/pam-hso/etc/pam.d/common-account
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# /etc/pam.d/common-account - authorization settings common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of the authorization modules that define
-# the central access policy for use on the system.  The default is to
-# only deny service to users whose accounts are expired in /etc/shadow.
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-#
-
-# here are the per-package modules (the "Primary" block)
-account	[success=2 new_authtok_reqd=done default=ignore]	pam_unix.so
-account [success=1 new_authtok_reqd=done default=ignore]	pam_ldap.so use_first_pass
-# here's the fallback if no module succeeds
-account	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-account	required			pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-# end of pam-auth-update config
diff --git a/server/modules/pam-hso/etc/pam.d/common-auth b/server/modules/pam-hso/etc/pam.d/common-auth
deleted file mode 100644
index 8a2d4c86..00000000
--- a/server/modules/pam-hso/etc/pam.d/common-auth
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# /etc/pam.d/common-auth - authentication settings common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of the authentication modules that define
-# the central authentication scheme for use on the system
-# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
-# traditional Unix authentication mechanisms.
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-auth	[success=2 default=ignore]	pam_unix.so try_first_pass
-auth	[success=1 default=ignore]	pam_ldap.so use_first_pass nullok_secure
-# here's the fallback if no module succeeds
-auth	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-auth	required			pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-# end of pam-auth-update config
diff --git a/server/modules/pam-hso/etc/pam.d/common-password b/server/modules/pam-hso/etc/pam.d/common-password
deleted file mode 100644
index cb8c7b71..00000000
--- a/server/modules/pam-hso/etc/pam.d/common-password
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# /etc/pam.d/common-password - password-related modules common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define the services to be
-# used to change user passwords.  The default is pam_unix.
-
-# Explanation of pam_unix options:
-#
-# The "sha512" option enables salted SHA512 passwords.  Without this option,
-# the default is Unix crypt.  Prior releases used the option "md5".
-#
-# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
-# login.defs.
-#
-# See the pam_unix manpage for other options.
-
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-password	[success=1 default=ignore]	pam_unix.so obscure sha512
-# here's the fallback if no module succeeds
-password	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-password	required			pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-# end of pam-auth-update config
diff --git a/server/modules/pam-hso/etc/pam.d/common-session b/server/modules/pam-hso/etc/pam.d/common-session
deleted file mode 100644
index 4c4a7e95..00000000
--- a/server/modules/pam-hso/etc/pam.d/common-session
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# /etc/pam.d/common-session - session-related modules common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define tasks to be performed
-# at the start and end of sessions of *any* kind (both interactive and
-# non-interactive).
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-session	[default=1]     pam_permit.so
-# here's the fallback if no module succeeds
-session	requisite       pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-session	required        pam_permit.so
-# The pam_umask module will set the umask according to the system default in
-# /etc/login.defs and user settings, solving the problem of different
-# umask settings with different shells, display managers, remote sessions etc.
-# See "man pam_umask".
-session optional        pam_umask.so
-# and here are more per-package modules (the "Additional" block)
-session	required        pam_systemd.so
-session optional        pam_env.so readenv=1
-session optional        pam_env.so readenv=1 envfile=/etc/default/locale
-session	[success=1]     pam_unix.so 
-session [success=ok]    pam_ldap.so
-session	sufficient      pam_script.so
-session optional        pam_mkhomedir.so skel=/etc/skel umask=0022
-# end of pam-auth-update config
diff --git a/server/modules/pam-hso/etc/pam.d/common-session-noninteractive b/server/modules/pam-hso/etc/pam.d/common-session-noninteractive
deleted file mode 100644
index 1fee2c4f..00000000
--- a/server/modules/pam-hso/etc/pam.d/common-session-noninteractive
+++ /dev/null
@@ -1,30 +0,0 @@
-#
-# /etc/pam.d/common-session-noninteractive - session-related modules
-# common to all non-interactive services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define tasks to be performed
-# at the start and end of all non-interactive sessions.
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-session	[default=1]			pam_permit.so
-# here's the fallback if no module succeeds
-session	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-session	required			pam_permit.so
-# The pam_umask module will set the umask according to the system default in
-# /etc/login.defs and user settings, solving the problem of different
-# umask settings with different shells, display managers, remote sessions etc.
-# See "man pam_umask".
-session optional			pam_umask.so
-# and here are more per-package modules (the "Additional" block)
-session	required	pam_unix.so 
-# end of pam-auth-update config
diff --git a/server/modules/pam-hso/etc/pam.d/kdm b/server/modules/pam-hso/etc/pam.d/kdm
deleted file mode 100644
index e6a4ec9b..00000000
--- a/server/modules/pam-hso/etc/pam.d/kdm
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# /etc/pam.d/kdm - specify the PAM behaviour of kdm
-#
-auth       required     pam_nologin.so
-auth       required     pam_env.so readenv=1
-auth       required     pam_env.so readenv=1 envfile=/etc/default/locale
-auth       include      common-auth
-account    include      common-account
-password   include      common-password
-session    include      common-session
diff --git a/server/modules/pam-hso/etc/pam.d/kdm-np b/server/modules/pam-hso/etc/pam.d/kdm-np
deleted file mode 100644
index dc10e5b5..00000000
--- a/server/modules/pam-hso/etc/pam.d/kdm-np
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# /etc/pam.d/kdm-np - specify the PAM behaviour of kdm for passwordless logins
-#
-auth       required     pam_nologin.so
-auth       required     pam_env.so readenv=1
-auth       required     pam_env.so readenv=1 envfile=/etc/default/locale
-session    required     pam_limits.so
-account    include      common-account
-password   include      common-password
-session    include      common-session
-auth       required     pam_permit.so
diff --git a/server/modules/pam-hso/etc/pam.d/login b/server/modules/pam-hso/etc/pam.d/login
deleted file mode 100644
index 1065f351..00000000
--- a/server/modules/pam-hso/etc/pam.d/login
+++ /dev/null
@@ -1,101 +0,0 @@
-#
-# The PAM configuration file for the Shadow `login' service
-#
-
-# Enforce a minimal delay in case of failure (in microseconds).
-# (Replaces the `FAIL_DELAY' setting from login.defs)
-# Note that other modules may require another minimal delay. (for example,
-# to disable any delay, you should add the nodelay option to pam_unix)
-auth       optional   pam_faildelay.so  delay=3000000
-
-# Outputs an issue file prior to each login prompt (Replaces the
-# ISSUE_FILE option from login.defs). Uncomment for use
-# auth       required   pam_issue.so issue=/etc/issue
-
-# Disallows root logins except on tty's listed in /etc/securetty
-# (Replaces the `CONSOLE' setting from login.defs)
-#
-# With the default control of this module:
-#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
-# root will not be prompted for a password on insecure lines.
-# if an invalid username is entered, a password is prompted (but login
-# will eventually be rejected)
-#
-# You can change it to a "requisite" module if you think root may mis-type
-# her login and should not be prompted for a password in that case. But
-# this will leave the system as vulnerable to user enumeration attacks.
-#
-# You can change it to a "required" module if you think it permits to
-# guess valid user names of your system (invalid user names are considered
-# as possibly being root on insecure lines), but root passwords may be
-# communicated over insecure lines.
-auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
-
-# Disallows other than root logins when /etc/nologin exists
-# (Replaces the `NOLOGINS_FILE' option from login.defs)
-auth       requisite  pam_nologin.so
-
-# SELinux needs to be the first session rule. This ensures that any 
-# lingering context has been cleared. Without out this it is possible 
-# that a module could execute code in the wrong domain.
-# When the module is present, "required" would be sufficient (When SELinux
-# is disabled, this returns success.)
-# OpenSLX: Not Needed?
-#session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
-
-# This module parses environment configuration file(s)
-# and also allows you to use an extended config
-# file /etc/security/pam_env.conf.
-# 
-# parsing /etc/environment needs "readenv=1"
-session       required   pam_env.so readenv=1
-# locale variables are also kept into /etc/default/locale in etch
-# reading this file *in addition to /etc/environment* does not hurt
-session       required   pam_env.so readenv=1 envfile=/etc/default/locale
-
-# Standard Un*x authentication.
-auth include common-auth
-
-# TODO do we need this?
-# This allows certain extra groups to be granted to a user
-# based on things like time of day, tty, service, and user.
-# Please edit /etc/security/group.conf to fit your needs
-# (Replaces the `CONSOLE_GROUPS' option in login.defs)
-#auth       optional   pam_group.so
-
-# Uncomment and edit /etc/security/time.conf if you need to set
-# time restrainst on logins.
-# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
-# as well as /etc/porttime)
-# account    requisite  pam_time.so
-
-# Uncomment and edit /etc/security/access.conf if you need to
-# set access limits.
-# (Replaces /etc/login.access file)
-# account  required       pam_access.so
-
-# TODO do we need this?
-# Sets up user limits according to /etc/security/limits.conf
-# (Replaces the use of /etc/limits in old login)
-#session    required   pam_limits.so
-
-# TODO check if this is needed
-# Prints the last login info upon succesful login
-# (Replaces the `LASTLOG_ENAB' option from login.defs)
-session    optional   pam_lastlog.so
-
-# Prints the motd upon succesful login
-# (Replaces the `MOTD_FILE' option in login.defs)
-session    optional   pam_motd.so
-
-# Standard Un*x account and session
-account include common-account
-session include common-session
-password include common-password
-
-# SELinux needs to intervene at login time to ensure that the process
-# starts in the proper default security context. Only sessions which are
-# intended to run in the user's context should be run after this.
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
-# When the module is present, "required" would be sufficient (When SELinux
-# is disabled, this returns success.)
diff --git a/server/modules/pam-hso/etc/pam.d/other b/server/modules/pam-hso/etc/pam.d/other
deleted file mode 100644
index 840eb77f..00000000
--- a/server/modules/pam-hso/etc/pam.d/other
+++ /dev/null
@@ -1,10 +0,0 @@
-#%PAM-1.0
-auth	 required	pam_warn.so
-auth	 required	pam_deny.so
-account  required	pam_warn.so
-account	 required	pam_deny.so
-password required	pam_warn.so
-password required	pam_deny.so
-session  required       pam_warn.so
-session	 required	pam_deny.so
-
diff --git a/server/modules/pam-hso/etc/pam.d/passwd b/server/modules/pam-hso/etc/pam.d/passwd
deleted file mode 100644
index 32eaa3c6..00000000
--- a/server/modules/pam-hso/etc/pam.d/passwd
+++ /dev/null
@@ -1,6 +0,0 @@
-#
-# The PAM configuration file for the Shadow `passwd' service
-#
-
-password include common-password
-
diff --git a/server/modules/pam-hso/etc/pam.d/sshd b/server/modules/pam-hso/etc/pam.d/sshd
deleted file mode 100644
index 8954d639..00000000
--- a/server/modules/pam-hso/etc/pam.d/sshd
+++ /dev/null
@@ -1,41 +0,0 @@
-# PAM configuration for the Secure Shell service
-
-# Read environment variables from /etc/environment and
-# /etc/security/pam_env.conf.
-auth       required     pam_env.so # [1]
-# In Debian 4.0 (etch), locale-related environment variables were moved to
-# /etc/default/locale, so read that as well.
-auth       required     pam_env.so envfile=/etc/default/locale
-
-# Standard Un*x authentication.
-auth include common-auth
-
-# Disallow non-root logins when /etc/nologin exists.
-account    required     pam_nologin.so
-
-# Uncomment and edit /etc/security/access.conf if you need to set complex
-# access limits that are hard to express in sshd_config.
-# account  required     pam_access.so
-
-# Standard Un*x authorization.
-account include common-account
-
-# Standard Un*x session setup and teardown.
-session include common-session
-
-# Print the message of the day upon successful login.
-session    optional     pam_motd.so # [1]
-
-# TODO do we need this?
-# Print the status of the user's mailbox upon successful login.
-#session    optional     pam_mail.so standard noenv # [1]
-
-# TODO do we need this?
-# Set up user limits from /etc/security/limits.conf.
-#session    required     pam_limits.so
-
-# Set up SELinux capabilities (need modified pam)
-# session  required     pam_selinux.so multiple
-
-# Standard Un*x password updating.
-password include common-password
diff --git a/server/modules/pam-hso/etc/pam.d/vmware-authd b/server/modules/pam-hso/etc/pam.d/vmware-authd
deleted file mode 100644
index 1f9b60f9..00000000
--- a/server/modules/pam-hso/etc/pam.d/vmware-authd
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth     include        common-auth
-account  include        common-account
-password include        common-password
-session  include        common-session
-
diff --git a/server/modules/pam-hso/etc/pam.d/xdm b/server/modules/pam-hso/etc/pam.d/xdm
deleted file mode 100644
index d21651db..00000000
--- a/server/modules/pam-hso/etc/pam.d/xdm
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth     include        common-auth
-account  include        common-account
-password include        common-password
-session  required       pam_loginuid.so
-session  include        common-session