diff --git a/packages/pom.xml b/packages/pom.xml
index af859a59741..36830dc7e02 100644
--- a/packages/pom.xml
+++ b/packages/pom.xml
@@ -170,11 +170,6 @@
gplazma2-kpwd
${project.version}
-
- org.dcache
- gplazma2-xacml
- ${project.version}
-
org.dcache
gplazma2-ldap
diff --git a/skel/share/defaults/gplazma.properties b/skel/share/defaults/gplazma.properties
index 14c3f3fa6e3..2b150490e40 100644
--- a/skel/share/defaults/gplazma.properties
+++ b/skel/share/defaults/gplazma.properties
@@ -263,18 +263,6 @@ gplazma.nis.domain=
#
gplazma.jaas.name=gplazma
-# ---- Path to the PEM encoded host key
-gplazma.xacml.hostkey=${dcache.authn.hostcert.key}
-
-# ---- Path to the PEM encoded host certificate
-gplazma.xacml.hostcert=${dcache.authn.hostcert.cert}
-
-# ---- Path to the directory containing trusted CA certificates
-gplazma.xacml.ca=${dcache.authn.capath}
-
-# ---- Path to the vomsdir directory
-gplazma.xacml.vomsdir=${dcache.authn.vomsdir}
-
# ---- LDAP plugin
#
# LDAP server url, eg ldap://ldap.example.org:389
@@ -666,3 +654,8 @@ gplazma.roles.observer-gid =
(obsolete)gplazma.x509.use-policy-principals =
(obsolete)gplazma.scitoken.dcache-supports-exempt-principal = Principal is now fully supported.
(forbidden)gplazma.oidc.hostnames = Use 'gplazma.oidc.provider' instead.
+(forbidden)gplazma.xacml.hostkey=XACML plugin not supported any more
+(forbidden)gplazma.xacml.hostcert=XACML plugin not supported any more
+(forbidden)gplazma.xacml.ca=XACML plugin not supported any more
+(forbidden)gplazma.xacml.vomsdir=XACML plugin not supported any more
+