workaround for permissions fix not working. ..

30 files changed, 0 insertions, 501 deletions

diff --git a/server/modules/pam-freiburg/etc/gssapi_mech.conf b/server/modules/pam-freiburg/etc/gssapi_mech.conf
deleted file mode 100644
index ac41f5fd..00000000
--- a/server/modules/pam-freiburg/etc/gssapi_mech.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Example /etc/gssapi_mech.conf file
-#
-# GSSAPI Mechanism Definitions
-#
-# This configuration file determines which GSS-API mechanisms
-# the gssd code should use
-#
-# NOTE:
-# The initiaiization function "mechglue_internal_krb5_init"
-# is used for the MIT krb5 gssapi mechanism.  This special
-# function name indicates that an internal function should
-# be used to determine the entry points for the MIT gssapi
-# mechanism funtions.
-#
-# library                               initialization function
-# ================================	==========================
-# The MIT K5 gssapi library, use special function for initialization.
-libgssapi_krb5.so.2			mechglue_internal_krb5_init
-#
-# The SPKM3 gssapi library function.  Use the function spkm3_gss_initialize.
-# /usr/local/gss_mechs/spkm/spkm3/libgssapi_spkm3.so    spkm3_gss_initialize
diff --git a/server/modules/pam-freiburg/etc/idmapd.conf b/server/modules/pam-freiburg/etc/idmapd.conf
deleted file mode 100644
index 2253cf0d..00000000
--- a/server/modules/pam-freiburg/etc/idmapd.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-[General]
-
-Verbosity = 0
-Pipefs-Directory = /run/rpc_pipefs
-# set your own domain here, if id differs from FQDN minus hostname
-Domain = uni-freiburg.de
-# localdomain
-
-[Mapping]
-
-Nobody-User = nobody
-Nobody-Group = nogroup
diff --git a/server/modules/pam-freiburg/etc/krb5.conf b/server/modules/pam-freiburg/etc/krb5.conf
deleted file mode 100644
index 6fd49243..00000000
--- a/server/modules/pam-freiburg/etc/krb5.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-# file copied from configuration package (rootfs/etc/krb5.conf)
-#########################################################################
-[libdefaults]
-    noaddresses = false
-    clockskew = 300
-    default_realm = PUBLIC.ADS.UNI-FREIBURG.DE
-    forwardable = true
-    minimum_uid = 1000
-    proxiable = false
-    renew_lifetime = 30d
-    retain_after_close = false
-    ticket_lifetime = 3d
-    use_shmem = sshd
-    allow_weak_crypto=true
-#########################################################################
-[realms]
-    PUBLIC.ADS.UNI-FREIBURG.DE = {
-        kdc = kerberos.uni-freiburg.de
-        default_domain = uni-freiburg.de
-        admin_server = kerberos.uni-freiburg.de
-    }
-#########################################################################
-[domain_realm]
-    uni-freiburg.de  = PUBLIC.ADS.UNI-FREIBURG.DE
-    .uni-freiburg.de = PUBLIC.ADS.UNI-FREIBURG.DE
-##########################################################################
-[appdefaults]
-#########################################################################
diff --git a/server/modules/pam-freiburg/etc/ldap.conf b/server/modules/pam-freiburg/etc/ldap.conf
deleted file mode 100644
index 483595d2..00000000
--- a/server/modules/pam-freiburg/etc/ldap.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-URI ldaps://bv1.ruf.uni-freiburg.de ldaps://bv2.ruf.uni-freiburg.de ldaps://bv3.ruf.uni-freiburg.de
-BASE ou=people,dc=uni-freiburg,dc=de
-BIND_TIMELIMIT 5
-TIMELIMIT 10
-LOGDIR /tmp/ldap
-TLS_REQCERT allow
-nss_base_passwd        ou=people,dc=uni-freiburg,dc=de?one?rufdienst=ldap*)(&(rufclienthome=*)(rufstatus=enabled)
-nss_base_group         ou=group,dc=uni-freiburg,dc=de?one
-nss_map_attribute      homeDirectory rufClientHome
-
-nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,distccd,games,git,gnats,hplip,irc,kdm,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,ntp,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,statd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data
diff --git a/server/modules/pam-freiburg/etc/ldap/ldap.conf b/server/modules/pam-freiburg/etc/ldap/ldap.conf
deleted file mode 100644
index 809065cc..00000000
--- a/server/modules/pam-freiburg/etc/ldap/ldap.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-URI ldaps://bv1.ruf.uni-freiburg.de ldaps://bv2.ruf.uni-freiburg.de ldaps://bv3.ruf.uni-freiburg.de
-BASE ou=people,dc=uni-freiburg,dc=de
-TLS_REQCERT allow
-nss_base_passwd        ou=people,dc=uni-freiburg,dc=de?one?rufdienst=ldap*)(&(rufclienthome=*)(rufstatus=enabled)
-nss_base_group         ou=group,dc=uni-freiburg,dc=de?one
-nss_map_attribute      homeDirectory rufClientHome
-
diff --git a/server/modules/pam-freiburg/etc/openldap/ldap.conf b/server/modules/pam-freiburg/etc/openldap/ldap.conf
deleted file mode 120000
index c0aaf459..00000000
--- a/server/modules/pam-freiburg/etc/openldap/ldap.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/ldap.conf
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close b/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close
deleted file mode 120000
index f3682056..00000000
--- a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_close
+++ /dev/null
@@ -1 +0,0 @@
-/opt/openslx/scripts/pam_script_ses_close
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open b/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open
deleted file mode 120000
index 4f5598e5..00000000
--- a/server/modules/pam-freiburg/etc/pam-script/pam_script_ses_open
+++ /dev/null
@@ -1 +0,0 @@
-/opt/openslx/scripts/pam_script_ses_open
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-account b/server/modules/pam-freiburg/etc/pam.d/common-account
deleted file mode 100644
index 3a5d5a14..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/common-account
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# /etc/pam.d/common-account - authorization settings common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of the authorization modules that define
-# the central access policy for use on the system.  The default is to
-# only deny service to users whose accounts are expired in /etc/shadow.
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-#
-
-# here are the per-package modules (the "Primary" block)
-account	[success=2 new_authtok_reqd=done default=ignore]	pam_unix.so
-account [success=1 new_authtok_reqd=done default=ignore]	pam_ldap.so use_first_pass
-# here's the fallback if no module succeeds
-account	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-account	required			pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-# end of pam-auth-update config
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-auth b/server/modules/pam-freiburg/etc/pam.d/common-auth
deleted file mode 100644
index 790afa1d..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/common-auth
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# /etc/pam.d/common-auth - authentication settings common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of the authentication modules that define
-# the central authentication scheme for use on the system
-# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
-# traditional Unix authentication mechanisms.
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-auth	[success=3 default=ignore]	pam_krb5.so minimum_uid=1000
-auth	[success=2 default=ignore]	pam_unix.so try_first_pass
-auth	[success=1 default=ignore]	pam_ldap.so use_first_pass
-# here's the fallback if no module succeeds
-auth	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-auth	required			pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-# end of pam-auth-update config
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-password b/server/modules/pam-freiburg/etc/pam.d/common-password
deleted file mode 100644
index cb8c7b71..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/common-password
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# /etc/pam.d/common-password - password-related modules common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define the services to be
-# used to change user passwords.  The default is pam_unix.
-
-# Explanation of pam_unix options:
-#
-# The "sha512" option enables salted SHA512 passwords.  Without this option,
-# the default is Unix crypt.  Prior releases used the option "md5".
-#
-# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
-# login.defs.
-#
-# See the pam_unix manpage for other options.
-
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-password	[success=1 default=ignore]	pam_unix.so obscure sha512
-# here's the fallback if no module succeeds
-password	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-password	required			pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-# end of pam-auth-update config
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session b/server/modules/pam-freiburg/etc/pam.d/common-session
deleted file mode 100644
index 9a8b73e1..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/common-session
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# /etc/pam.d/common-session - session-related modules common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define tasks to be performed
-# at the start and end of sessions of *any* kind (both interactive and
-# non-interactive).
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-session	[default=1]     pam_permit.so
-# here's the fallback if no module succeeds
-session	requisite       pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-session	required        pam_permit.so
-# The pam_umask module will set the umask according to the system default in
-# /etc/login.defs and user settings, solving the problem of different
-# umask settings with different shells, display managers, remote sessions etc.
-# See "man pam_umask".
-session optional        pam_umask.so
-# and here are more per-package modules (the "Additional" block)
-session	required        pam_systemd.so
-session optional			pam_ck_connector.so
-session optional        pam_env.so readenv=1
-session optional        pam_env.so readenv=1 envfile=/etc/default/locale
-session	optional        pam_krb5.so minimum_uid=1000
-session	[success=1]     pam_unix.so 
-session [success=ok]    pam_ldap.so
-session	sufficient      pam_script.so
-session optional        pam_mkhomedir.so skel=/etc/skel umask=0022
-# end of pam-auth-update config
diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive b/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive
deleted file mode 100644
index 1fee2c4f..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/common-session-noninteractive
+++ /dev/null
@@ -1,30 +0,0 @@
-#
-# /etc/pam.d/common-session-noninteractive - session-related modules
-# common to all non-interactive services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define tasks to be performed
-# at the start and end of all non-interactive sessions.
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-session	[default=1]			pam_permit.so
-# here's the fallback if no module succeeds
-session	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-session	required			pam_permit.so
-# The pam_umask module will set the umask according to the system default in
-# /etc/login.defs and user settings, solving the problem of different
-# umask settings with different shells, display managers, remote sessions etc.
-# See "man pam_umask".
-session optional			pam_umask.so
-# and here are more per-package modules (the "Additional" block)
-session	required	pam_unix.so 
-# end of pam-auth-update config
diff --git a/server/modules/pam-freiburg/etc/pam.d/kdm b/server/modules/pam-freiburg/etc/pam.d/kdm
deleted file mode 100644
index e6a4ec9b..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/kdm
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# /etc/pam.d/kdm - specify the PAM behaviour of kdm
-#
-auth       required     pam_nologin.so
-auth       required     pam_env.so readenv=1
-auth       required     pam_env.so readenv=1 envfile=/etc/default/locale
-auth       include      common-auth
-account    include      common-account
-password   include      common-password
-session    include      common-session
diff --git a/server/modules/pam-freiburg/etc/pam.d/kdm-np b/server/modules/pam-freiburg/etc/pam.d/kdm-np
deleted file mode 100644
index dc10e5b5..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/kdm-np
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# /etc/pam.d/kdm-np - specify the PAM behaviour of kdm for passwordless logins
-#
-auth       required     pam_nologin.so
-auth       required     pam_env.so readenv=1
-auth       required     pam_env.so readenv=1 envfile=/etc/default/locale
-session    required     pam_limits.so
-account    include      common-account
-password   include      common-password
-session    include      common-session
-auth       required     pam_permit.so
diff --git a/server/modules/pam-freiburg/etc/pam.d/login b/server/modules/pam-freiburg/etc/pam.d/login
deleted file mode 100644
index 1065f351..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/login
+++ /dev/null
@@ -1,101 +0,0 @@
-#
-# The PAM configuration file for the Shadow `login' service
-#
-
-# Enforce a minimal delay in case of failure (in microseconds).
-# (Replaces the `FAIL_DELAY' setting from login.defs)
-# Note that other modules may require another minimal delay. (for example,
-# to disable any delay, you should add the nodelay option to pam_unix)
-auth       optional   pam_faildelay.so  delay=3000000
-
-# Outputs an issue file prior to each login prompt (Replaces the
-# ISSUE_FILE option from login.defs). Uncomment for use
-# auth       required   pam_issue.so issue=/etc/issue
-
-# Disallows root logins except on tty's listed in /etc/securetty
-# (Replaces the `CONSOLE' setting from login.defs)
-#
-# With the default control of this module:
-#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
-# root will not be prompted for a password on insecure lines.
-# if an invalid username is entered, a password is prompted (but login
-# will eventually be rejected)
-#
-# You can change it to a "requisite" module if you think root may mis-type
-# her login and should not be prompted for a password in that case. But
-# this will leave the system as vulnerable to user enumeration attacks.
-#
-# You can change it to a "required" module if you think it permits to
-# guess valid user names of your system (invalid user names are considered
-# as possibly being root on insecure lines), but root passwords may be
-# communicated over insecure lines.
-auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
-
-# Disallows other than root logins when /etc/nologin exists
-# (Replaces the `NOLOGINS_FILE' option from login.defs)
-auth       requisite  pam_nologin.so
-
-# SELinux needs to be the first session rule. This ensures that any 
-# lingering context has been cleared. Without out this it is possible 
-# that a module could execute code in the wrong domain.
-# When the module is present, "required" would be sufficient (When SELinux
-# is disabled, this returns success.)
-# OpenSLX: Not Needed?
-#session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
-
-# This module parses environment configuration file(s)
-# and also allows you to use an extended config
-# file /etc/security/pam_env.conf.
-# 
-# parsing /etc/environment needs "readenv=1"
-session       required   pam_env.so readenv=1
-# locale variables are also kept into /etc/default/locale in etch
-# reading this file *in addition to /etc/environment* does not hurt
-session       required   pam_env.so readenv=1 envfile=/etc/default/locale
-
-# Standard Un*x authentication.
-auth include common-auth
-
-# TODO do we need this?
-# This allows certain extra groups to be granted to a user
-# based on things like time of day, tty, service, and user.
-# Please edit /etc/security/group.conf to fit your needs
-# (Replaces the `CONSOLE_GROUPS' option in login.defs)
-#auth       optional   pam_group.so
-
-# Uncomment and edit /etc/security/time.conf if you need to set
-# time restrainst on logins.
-# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
-# as well as /etc/porttime)
-# account    requisite  pam_time.so
-
-# Uncomment and edit /etc/security/access.conf if you need to
-# set access limits.
-# (Replaces /etc/login.access file)
-# account  required       pam_access.so
-
-# TODO do we need this?
-# Sets up user limits according to /etc/security/limits.conf
-# (Replaces the use of /etc/limits in old login)
-#session    required   pam_limits.so
-
-# TODO check if this is needed
-# Prints the last login info upon succesful login
-# (Replaces the `LASTLOG_ENAB' option from login.defs)
-session    optional   pam_lastlog.so
-
-# Prints the motd upon succesful login
-# (Replaces the `MOTD_FILE' option in login.defs)
-session    optional   pam_motd.so
-
-# Standard Un*x account and session
-account include common-account
-session include common-session
-password include common-password
-
-# SELinux needs to intervene at login time to ensure that the process
-# starts in the proper default security context. Only sessions which are
-# intended to run in the user's context should be run after this.
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
-# When the module is present, "required" would be sufficient (When SELinux
-# is disabled, this returns success.)
diff --git a/server/modules/pam-freiburg/etc/pam.d/other b/server/modules/pam-freiburg/etc/pam.d/other
deleted file mode 100644
index 840eb77f..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/other
+++ /dev/null
@@ -1,10 +0,0 @@
-#%PAM-1.0
-auth	 required	pam_warn.so
-auth	 required	pam_deny.so
-account  required	pam_warn.so
-account	 required	pam_deny.so
-password required	pam_warn.so
-password required	pam_deny.so
-session  required       pam_warn.so
-session	 required	pam_deny.so
-
diff --git a/server/modules/pam-freiburg/etc/pam.d/passwd b/server/modules/pam-freiburg/etc/pam.d/passwd
deleted file mode 100644
index 32eaa3c6..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/passwd
+++ /dev/null
@@ -1,6 +0,0 @@
-#
-# The PAM configuration file for the Shadow `passwd' service
-#
-
-password include common-password
-
diff --git a/server/modules/pam-freiburg/etc/pam.d/sshd b/server/modules/pam-freiburg/etc/pam.d/sshd
deleted file mode 100644
index 8954d639..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/sshd
+++ /dev/null
@@ -1,41 +0,0 @@
-# PAM configuration for the Secure Shell service
-
-# Read environment variables from /etc/environment and
-# /etc/security/pam_env.conf.
-auth       required     pam_env.so # [1]
-# In Debian 4.0 (etch), locale-related environment variables were moved to
-# /etc/default/locale, so read that as well.
-auth       required     pam_env.so envfile=/etc/default/locale
-
-# Standard Un*x authentication.
-auth include common-auth
-
-# Disallow non-root logins when /etc/nologin exists.
-account    required     pam_nologin.so
-
-# Uncomment and edit /etc/security/access.conf if you need to set complex
-# access limits that are hard to express in sshd_config.
-# account  required     pam_access.so
-
-# Standard Un*x authorization.
-account include common-account
-
-# Standard Un*x session setup and teardown.
-session include common-session
-
-# Print the message of the day upon successful login.
-session    optional     pam_motd.so # [1]
-
-# TODO do we need this?
-# Print the status of the user's mailbox upon successful login.
-#session    optional     pam_mail.so standard noenv # [1]
-
-# TODO do we need this?
-# Set up user limits from /etc/security/limits.conf.
-#session    required     pam_limits.so
-
-# Set up SELinux capabilities (need modified pam)
-# session  required     pam_selinux.so multiple
-
-# Standard Un*x password updating.
-password include common-password
diff --git a/server/modules/pam-freiburg/etc/pam.d/vmware-authd b/server/modules/pam-freiburg/etc/pam.d/vmware-authd
deleted file mode 100644
index 1f9b60f9..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/vmware-authd
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth     include        common-auth
-account  include        common-account
-password include        common-password
-session  include        common-session
-
diff --git a/server/modules/pam-freiburg/etc/pam.d/xdm b/server/modules/pam-freiburg/etc/pam.d/xdm
deleted file mode 100644
index d21651db..00000000
--- a/server/modules/pam-freiburg/etc/pam.d/xdm
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth     include        common-auth
-account  include        common-account
-password include        common-password
-session  required       pam_loginuid.so
-session  include        common-session
diff --git a/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service b/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service
deleted file mode 100644
index 664f7dd7..00000000
--- a/server/modules/pam-freiburg/etc/systemd/system/activate-nss-ldap.service
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=Activate NSS-LDAP lookups
-Before=graphical.target
-
-[Service]
-Type=oneshot
-ExecStart=-/opt/openslx/bin/mkdir /tmp/ldap
-ExecStart=/opt/openslx/bin/sed -i -e 's/^passwd:.*$/passwd:\t\tcache files ldap/;s/^group:.*$/group:\t\tcache files ldap/' /etc/nsswitch.conf
-ExecStart=/usr/bin/systemctl restart nscd
-
diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service
deleted file mode 120000
index 1102840c..00000000
--- a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/activate-nss-ldap.service
+++ /dev/null
@@ -1 +0,0 @@
-../activate-nss-ldap.service
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service
deleted file mode 120000
index 194aba77..00000000
--- a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-gssd.service
+++ /dev/null
@@ -1 +0,0 @@
-../rpc-gssd.service
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service b/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service
deleted file mode 120000
index 66a28252..00000000
--- a/server/modules/pam-freiburg/etc/systemd/system/getty.target.wants/rpc-idmapd.service
+++ /dev/null
@@ -1 +0,0 @@
-../rpc-idmapd.service
\ No newline at end of file
diff --git a/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service b/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service
deleted file mode 100644
index 79ffce8d..00000000
--- a/server/modules/pam-freiburg/etc/systemd/system/rpc-gssd.service
+++ /dev/null
@@ -1,7 +0,0 @@
-[Unit]
-Description=NFS rpcsec_gss daemon
-Requires=run-rpc_pipefs.mount
-After=run-rpc_pipefs.mount
-
-[Service]
-ExecStart=/usr/sbin/rpc.gssd -f -vvv -p /run/rpc_pipefs
diff --git a/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service b/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service
deleted file mode 100644
index c4da93e7..00000000
--- a/server/modules/pam-freiburg/etc/systemd/system/rpc-idmapd.service
+++ /dev/null
@@ -1,7 +0,0 @@
-[Unit]
-Description=NFSv4 ID-name mapping daemon
-Requires=network.target run-rpc_pipefs.mount
-After=network.target
-
-[Service]
-ExecStart=/usr/sbin/rpc.idmapd -f
diff --git a/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount b/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount
deleted file mode 100644
index 692adce8..00000000
--- a/server/modules/pam-freiburg/etc/systemd/system/run-rpc_pipefs.mount
+++ /dev/null
@@ -1,7 +0,0 @@
-[Unit]
-Description=Pipefs RPC filesystem
-
-[Mount]
-What=rpc_pipefs
-Where=/run/rpc_pipefs
-Type=rpc_pipefs
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close
deleted file mode 100755
index 44dcd418..00000000
--- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_close
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-[ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Closing session for $PAM_USER"
-
-
diff --git a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open b/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open
deleted file mode 100755
index 205090b6..00000000
--- a/server/modules/pam-freiburg/opt/openslx/scripts/pam_script_ses_open
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/bash
-
-export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
-
-[ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Opening session for $PAM_USER"
-
-if [ ! -z "$(mount|grep $PAM_USER)" ]; then
-	[ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Home directory of '$PAM_USER' is already mounted."
-	exit 0
-fi
-
-if [ $(id -g $PAM_USER) -ge 1000 ]; then
-	[ ! -z "$SLX_DEBUG" ] && echo "[$PAM_TYPE] Mounting home directory for $PAM_USER"
-
-	# generate keytab
-	sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab
-	chmod 600 /etc/krb5.keytab
-
-	# determine fileserver and share for home directories
-	ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver > /tmp/ldapsearch."$PAM_USER"
-
-	FILESERVER=$(cat /tmp/ldapsearch.$PAM_USER | grep rufFileserver | cut -d" " -f2)
-	VOLUME=$(cat /tmp/ldapsearch.$PAM_USER | grep homeDirectory | cut -d" " -f2)
-
-	# now we can mount the home directory!
-	mkdir -p /home/$PAM_USER
-	if mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER"; then
-		exit 0
-	else
-		echo "Failed to mount home directory for $PAM_USER"
-		exit 1
-	fi
-	
-fi
-