diff --git a/packages/pom.xml b/packages/pom.xml
index af859a59741..36830dc7e02 100644
--- a/packages/pom.xml
+++ b/packages/pom.xml
@@ -170,11 +170,6 @@
         <artifactId>gplazma2-kpwd</artifactId>
         <version>${project.version}</version>
     </dependency>
-    <dependency>
-        <groupId>org.dcache</groupId>
-        <artifactId>gplazma2-xacml</artifactId>
-        <version>${project.version}</version>
-    </dependency>
     <dependency>
         <groupId>org.dcache</groupId>
         <artifactId>gplazma2-ldap</artifactId>
diff --git a/skel/share/defaults/gplazma.properties b/skel/share/defaults/gplazma.properties
index 14c3f3fa6e3..2b150490e40 100644
--- a/skel/share/defaults/gplazma.properties
+++ b/skel/share/defaults/gplazma.properties
@@ -263,18 +263,6 @@ gplazma.nis.domain=
 #
 gplazma.jaas.name=gplazma
 
-#  ---- Path to the PEM encoded host key
-gplazma.xacml.hostkey=${dcache.authn.hostcert.key}
-
-#  ---- Path to the PEM encoded host certificate
-gplazma.xacml.hostcert=${dcache.authn.hostcert.cert}
-
-#  ---- Path to the directory containing trusted CA certificates
-gplazma.xacml.ca=${dcache.authn.capath}
-
-#  ---- Path to the vomsdir directory
-gplazma.xacml.vomsdir=${dcache.authn.vomsdir}
-
 # ---- LDAP plugin
 #
 # LDAP server url, eg ldap://ldap.example.org:389
@@ -666,3 +654,8 @@ gplazma.roles.observer-gid =
 (obsolete)gplazma.x509.use-policy-principals =
 (obsolete)gplazma.scitoken.dcache-supports-exempt-principal = Principal is now fully supported.
 (forbidden)gplazma.oidc.hostnames = Use 'gplazma.oidc.provider' instead.
+(forbidden)gplazma.xacml.hostkey=XACML plugin not supported any more
+(forbidden)gplazma.xacml.hostcert=XACML plugin not supported any more
+(forbidden)gplazma.xacml.ca=XACML plugin not supported any more
+(forbidden)gplazma.xacml.vomsdir=XACML plugin not supported any more
+