diff --git a/config/rootauthrc.in b/config/rootauthrc.in
index 468e7a57623d013eba7c4616c6cf482bdc74c4a5..749d82e983e1100d9b184d2a59bb402282707fb6 100644
--- a/config/rootauthrc.in
+++ b/config/rootauthrc.in
@@ -63,7 +63,6 @@
 #
 # UsrPwd usrpwd 0
 # Kerberos krb5 2
-# UidGid uidgid 5 (insecure)
 #
 # Example of a valid 'list' line:
 #
@@ -101,8 +100,6 @@
 # session: this allows to speed up operation in case of multiple
 # access). Default is 'yes' for methods 0 (UsrPwd), superseeded
 # by the related entries in '.rootrc'.
-# No additional info is needed by method 5 (UidGid): this method
-# sends to the remote host the (uid,gid) of the current process;
 # 'reuse' will be af no advantage and 'prompt' is not allowed for
 # security reasons. The format for the default info depends on
 # the method:
@@ -111,7 +108,6 @@
 #
 # UsrPwd us:<username> cp:<crypt_option>
 # Kerberos pp:<principal> us:<username>(<principal>)
-# UidGid
 #
 # The key 'us' allows to specify a target username different from
 # the local username (which is the default target username); the
@@ -123,7 +119,6 @@
 # or not (slighty faster), values are 'yes' or '1' for YES,
 # 'no' or '0' for NO (case sensitive);
 #
-#
 # For Kerberos, the default principal is the one associated to
 # the local user in the Kerberos realm. A different principal
 # can be specified via the key 'pp', access to which must be granted
@@ -138,7 +133,6 @@
 # default user asdfgh method usrpwd pt:1 ru:no
 # include local/myrootauthrc
 # include $ROOTSYS/etc/system.rootauthrc
-# localhost list uidgid
 # pcepsft43.cern.ch user asdfgh method 2 pt:no pp:asdkrb@LOC.KRB.REALM
 #
 # The first line states that, unless differently specified,
@@ -151,9 +145,7 @@
 # directory where the intercative root session was started.
 # The fourth directive includes the content of the system
 # defaults.
-# The fifth line states that when accessing slaves on the local
-# host, the uidgid method should be used.
-# The sixth line states that the krb5 method should be used for
+# The fifth line states that the krb5 method should be used for
 # accessing account 'asdfgh' at pcepsft43.cern.ch, with kerberos
 # credentials for principal adskrb@LOC.KRB.REALM .
 #
@@ -173,4 +165,4 @@
 # from the rest of the .rootauthrc file is sent to slaves via the master
 #
 #
-default list usrpwd @havesrp@ @havekrb5@ uidgid
+default list usrpwd @havekrb5@
diff --git a/config/rootdaemonrc.in b/config/rootdaemonrc.in
index 1d7ebbad05bd89fec1f52ec724b0f2ada15e3d9a..c94a02a7cb6c4f7a776891cb0d0d6d0d44108462 100644
--- a/config/rootdaemonrc.in
+++ b/config/rootdaemonrc.in
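Review bot: The new `default list usrpwd @havekrb5@` line drops the `@havesrp@` configure substitution together with `uidgid`, which is wider than the UidGid removal the rest of the commit performs. This looks like deliberate cleanup, since the `fgAuthMeth` table touched in the same commit already carries slot 1 as "Unsupported", but it is worth a sentence in the commit description so a packager does not read the missing `@havesrp@` as an accidental drop. Because this template appears to be installed as `system.rootauthrc` and merged with per-user `.rootauthrc` files (the comments in this file `include $ROOTSYS/etc/system.rootauthrc`), a short comment above the line would help existing installations, e.g. `# 'uidgid' (method 5) is no longer accepted; remove it from any 'list' entries in per-user .rootauthrc files`.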
@@ -45,46 +45,27 @@
 #
 # UsrPwd usrpwd 0
 # Kerberos krb5 2
-# UidGid uidgid 5 (insecure)
 #
 # (The insecure method is intended to speed up access within a cluster
 # protected by other means from outside attacks; should not be used for
 # inter-cluster or inter-domain authentication).
 # Methods non specified explicitly are not accepted.
-# For the insecure method it is possible to give access only to a
-# specific list of users by specifying the usernames after the method
-# separated by colons (:) example:
-#
-# uidgid:user1:user2:user3
-#
-# will allow uidgid access only to users user1, user2 and user3.
-# This is useful to give easy access to data servers.
-#
-# It is also possible to deny access to a user by using a '-' in front of
-# the name:
-#
-# uidgid:-user4
 #
 # - Lines ending with '\' are followed by additional information for the
 # host on the next line; the name of the host should not be repeated.
 #
-# Example of allowing machines in the cern.ch domain to authenticate
-# using UsrPwd (as preferred method) in this case, attempts to use Kerberos
-# or UidGid methods will be rejected; however, the accepted methods will be
-# communicated to the client and an automatic retry is attempted if the
-# client can use any of them (negotiation).
+# Example of allowing machines in the cern.ch domain to authenticate.
+# The accepted methods will be communicated to the client and an automatic
+# retry is attempted if the client can use any of them (negotiation).
 #
 # Valid examples:
 #
 # default none
-# default 0 uidgid
-# 137.138. 0 5
-# pceple19.cern.ch 2 5 0
-# lxplus*.cern.ch 0:qwerty:uytre 5
+# lxplus*.cern.ch 0:qwerty:uytre 2
 # Everything allowed from the local host (for testing)
 #
-127.0.0.1 0 2 5
+127.0.0.1 0 2
 #
 # secure methods allowed by default
 default usrpwd @havekrb5@
diff --git a/config/rootrc.in b/config/rootrc.in
index b21cf51dc6b83085be83e5d86d75bc6f58f78c3c..c954cf448978a76c3212d5f2aa550b0f2d76557b 100644
--- a/config/rootrc.in
+++ b/config/rootrc.in
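Review bot: The context paragraph `# (The insecure method is intended to speed up access within a cluster ... inter-domain authentication).` survives although this hunk removes the only insecure method it described, so the installed daemon rc now explains a method that no longer exists; delete the paragraph or replace it with `# Every listed method requires the client to present credentials; there is no unauthenticated method.` The same hunk keeps `# Methods non specified explicitly are not accepted.` while the man page hunk in this commit rewrites the sentence to `Methods not specified explicitly are not accepted.`; the two files should agree. The remaining example `# lxplus*.cern.ch 0:qwerty:uytre 2` still uses the `code:user:user` per-user restriction syntax, but the only text that explained that syntax was the removed uidgid paragraph, so if the restriction is still honoured for usrpwd a one-line explanation should be re-added next to the examples.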
@@ -438,12 +438,10 @@ ACLiC.Linkdef: _linkdef
 # Default login name (if not defined is taken from $(HOME)).
 #UsrPwd.Login: qwerty
 #Krb5.Login: qwerty@LOCAL.DOM.AIN
-#UidGid.Login: qwerty
 # To be prompted for login information.
 #UsrPwd.LoginPrompt: yes
 #Krb5.LoginPrompt: yes
-#UidGid.LoginPrompt: yes
 # To reuse established security context.
 UsrPwd.ReUse: yes
diff --git a/etc/proof/proof.conf.sample b/etc/proof/proof.conf.sample
index 70dc4498729fa86ba4915a94884585090f857f57..db281f3736d6942356d931dc21e884c7e2c41cc4 100644
--- a/etc/proof/proof.conf.sample
+++ b/etc/proof/proof.conf.sample
@@ -35,7 +35,7 @@
 #
 # For backward compatibility it is still possible to specify the methods
 # used for worker authentication as a list following the 'worker <hostname>'
-# (e.g. worker <hostname> uidgid usrpwd), this is however deprecated.
+# (e.g. worker <hostname> usrpwd), this is however deprecated.
 # Authentication directives are specified via $ROOTSYS/etc/system.rootauthrc
 # and/or $HOME/.rootauthrc files. See $ROOTSYS/etc/system.rootauthrc for details.
 #
diff --git a/man/man1/system.rootdaemonrc.1 b/man/man1/system.rootdaemonrc.1
index a4f090ea7267244c25de25751d9621d86ece9417..da4835a9106afb8507e6251bbbabddbe5bc81af1 100644
--- a/man/man1/system.rootdaemonrc.1
+++ b/man/man1/system.rootdaemonrc.1
@@ -56,15 +56,9 @@ the information following the name or IP address indicates, in order of preferen UsrPwd usrpwd 0 Kerberos krb5 2 - UidGid uidgid 5 (insecure) -(The insecure method is intended to speed up access within a cluster protected by other means from outside attacks; should not be used for inter-cluster or inter-domain authentication). Methods non specified explicitly are not accepted. For the insecure method it is possible to give access only to a specific list of users by specifying the usernames after the method separated by colons (:) example: +Methods not specified explicitly are not accepted. - uidgid:user1:user2:user3 - -will allow uidgid access only to users user1, user2 and user3. This is useful to give easy access to data servers. It is also possible to deny access to a user by using a '-' in front of the name: - - uidgid:-user4 .TP .B * Lines ending with '\' are followed by additional information for the host on the next line; the name of the host should not be repeated.
@@ -84,10 +78,6 @@ Authentication mechanisms allowed by default are 'usrpwd' (code 0) .B 137.138. 0 Authentication mechanisms allowed from host in the domain 137.138. (cern.ch) are 'usrpwd' (code 0) -.TP -.B pceple19.cern.ch 1 3 2 5 0 -All mechanisms are accepted for requests coming from host pceple19.cern.ch . - .TP .B lxplus*.cern.ch 0:qwerty:uytre Requests from the lxplus cluster from users 'qwerty' and 'uytre' can authenticate using 'usrpwd'.
diff --git a/net/auth/src/TAuthenticate.cxx b/net/auth/src/TAuthenticate.cxx
index 15f4cf4fde365f082580de99f421190cea434728..46c021a1950ab0ab238759283ef137c9db178de0 100644
--- a/net/auth/src/TAuthenticate.cxx
+++ b/net/auth/src/TAuthenticate.cxx
@@ -94,7 +94,7 @@ struct R__rsa_NUMBER: rsa_NUMBER {};
 // Statics initialization
 TList *TAuthenticate::fgAuthInfo = 0;
 TString TAuthenticate::fgAuthMeth[] = { "UsrPwd", "Unsupported", "Krb5",
- "Unsupported", "Unsupported", "UidGid" };
+ "Unsupported", "Unsupported", "Unsupported" };
 Bool_t TAuthenticate::fgAuthReUse;
 TString TAuthenticate::fgDefaultUser;
 TDatime TAuthenticate::fgExpDate;
diff --git a/net/net/src/TSocket.cxx b/net/net/src/TSocket.cxx
index 1294201650ae9f2d741fe47fc318711e647815db..56f7571a16b564d2258400b5d13770d82847dc20 100644
--- a/net/net/src/TSocket.cxx
+++ b/net/net/src/TSocket.cxx
@@ -1255,8 +1255,7 @@ Bool_t TSocket::Authenticate(const char *user)
 /// any remote server session using TServerSocket)
 /// [p] = for parallel sockets (forced internally for
 /// rootd; ignored for proofd)
-/// [auth] = "up", "k", "ug" to force UsrPwd,
-/// Krb5, or UidGid authentication
+/// [auth] = "up" or "k" to force UsrPwd or Krb5 authentication
 /// [port] = is the remote port number
 /// [service] = service name used to determine the port
 /// (for backward compatibility, specification of
@@ -1403,8 +1402,7 @@ TSocket *TSocket::CreateAuthSocket(const char *url, Int_t size, Int_t tcpwindows
 /// any remote server session using TServerSocket)
 /// [p] = for parallel sockets (forced internally for
 /// rootd)
-/// [auth] = "up", "k", "ug" to force UsrPwd,
-/// Krb5, or UidGid authentication
+/// [auth] = "up" or "k" to force UsrPwd or Krb5 authentication
 /// [options] = "m" or "s", when proto=proofd indicates whether
 /// we are master or slave (used internally by TSlave)
 ///
diff --git a/net/rpdutils/src/rpdutils.cxx b/net/rpdutils/src/rpdutils.cxx
index 575317a8f576eb12c2a3050a4268cabe898a0cb2..6bc195359490a07030237327cb0ee438cbc2d4c4 100644
--- a/net/rpdutils/src/rpdutils.cxx
+++ b/net/rpdutils/src/rpdutils.cxx
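Review bot: `fgAuthMeth[]` now ends with three identical "Unsupported" placeholders and nothing records why the retired slots are kept, so a later cleanup could compact the array and silently shift the numeric method codes that `.rootauthrc`, `.rootdaemonrc` and the wire protocol use. A comment above the initializer would fix that, e.g. `// Indexed by numeric method code; codes 1, 3, 4 and 5 are retired but kept as "Unsupported" so the remaining codes (0 = UsrPwd, 2 = Krb5) do not move`. The same applies to the `gAuthMeth[kMAXSEC]` hunk in net/rpdutils/src/rpdutils.cxx; keeping the two tables in lockstep is presumably what `kMAXSEC` is for, but that is not visible here. Whether a name lookup against this table still treats a stale `uidgid` entry in an existing rc file as an error or just skips it is outside the hunk and worth confirming.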
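Review bot: The `[auth]` documentation in both TSocket hunks now lists only "up" and "k", but the parsing of that URL option lives in the function bodies, which lie outside both hunks, so it is not visible whether "ug" is still recognised and mapped to code 5. If it is, it now selects a slot whose name is "Unsupported"; rejecting the token explicitly with a diagnostic would be clearer than letting it fall through. It would also help to state in the comment what happens to an unrecognised token, e.g. `///              (any other value is rejected)` or whatever the parser actually does.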
@@ -236,7 +236,7 @@ static const int gAUTH_GLB_MSK = 0x8;
 static const int gMAXTABSIZE = 50000000;
 static const std::string gAuthMeth[kMAXSEC] = { "UsrPwd", "Unsupported", "Krb5",
- "Unsupported", "Unsupported", "UidGid" };
+ "Unsupported", "Unsupported", "Unsupported" };
 static const std::string gAuthTab = "/rpdauthtab"; // auth table
 static const std::string gDaemonRc = ".rootdaemonrc"; // daemon access rules
 static const std::string gRootdPass = ".rootdpass"; // special rootd passwd
diff --git a/tutorials/net/TestAuth.C b/tutorials/net/TestAuth.C
index 056c4999efdd0e0cd49313997c25deb6cc719107..80b0d73aee21e8a87036a3b81cf1aed409ba04f3 100644
--- a/tutorials/net/TestAuth.C
+++ b/tutorials/net/TestAuth.C
@@ -67,8 +67,6 @@
 /// + Testing Krb5 ... +
 /// Password for ganis@PCEPSFT43.CERN.CH:
 /// + +
-/// + Testing UidGid ... +
-/// + +
 /// ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 ///
 /// ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
@@ -77,7 +75,6 @@
 /// + +
 /// + Method: 0 (UsrPwd): successful! (reuse: successful!) +
 /// + Method: 2 (Krb5): successful! (reuse: successful!) +
-/// + Method: 5 (UidGid): successful! +
 /// + +
 /// ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 /// ~~~
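Review bot: Renaming slot 5 of `gAuthMeth[kMAXSEC]` to "Unsupported" does not by itself stop the daemon from servicing method code 5 when a client still sends it; the server-side handling of that code is outside this hunk, so please confirm it is removed, or returns an explicit refusal, rather than proceeding under a method whose only remaining trace is a placeholder name. The daemon rules are parsed by numeric code (`127.0.0.1 0 2` in the rootdaemonrc.in hunk of this commit), so an installed `.rootdaemonrc` that still carries a `5` should be rejected or at least logged instead of silently enabling the slot; whether the rule parser already checks the name table is not visible here. A comment on the array such as `// index == numeric method code; retired codes stay as "Unsupported" so existing numeric rules keep their meaning` would record the intent.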