diff --git a/lam/config/shells b/lam/config/shells
deleted file mode 100644
index b37aa6d0..00000000
--- a/lam/config/shells
+++ /dev/null
@@ -1,16 +0,0 @@
-/bin/ash
-/bin/bash
-/bin/csh
-/bin/false
-/bin/ksh
-/bin/sh
-/bin/tcsh
-/bin/true
-/bin/zsh
-/usr/bin/csh
-/usr/bin/ksh
-/usr/bin/passwd
-/usr/bin/bash
-/usr/bin/rbash
-/usr/bin/tcsh
-/usr/bin/zsh
diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml
index 19ba0f4b..9acfef88 100644
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@@ -691,6 +691,19 @@ Have fun!
Version specific upgrade instructions +
+ 4.0 -> 4.1 + + Unix: The list of valid login + shells is no longer configured in "config/shells" but in the + server/self service profiles (Unix settings). LAM will use the + following shells by default: /bin/bash, /bin/csh, /bin/dash, + /bin/false, /bin/ksh, /bin/sh. + + Please update your server/self service profile if you would + like to change the list of valid login shells. +
+
3.9 -> 4.0 diff --git a/lam/lib/account.inc b/lam/lib/account.inc index e5f940f3..fbc544b6 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc @@ -32,33 +32,6 @@ $Id$ */ - -/** -* Returns a list of shells listed in config/shells. -* -* @return array list of shell names -*/ -function getshells() { - $return = array(); - $shellPath = dirname(__FILE__) . '/../config/shells'; - // load shells from file - if (file_exists($shellPath)) { - $shells = file($shellPath); - for ($i = 0; $i < sizeof($shells); $i++) { - // remove whitespaces and line end - $shells[$i] = trim($shells[$i]); - // remove comments - if ((strlen($shells[$i]) == 0) || $shells[$i]{0}=='#') { - continue; - } - $return[] = $shells[$i]; - } - return $return; - } - return $return; -} - - /** * This function will return all values from $array without values of $values. * diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc index 67c112fe..e07ac1c8 100644 --- a/lam/lib/modules/posixAccount.inc +++ b/lam/lib/modules/posixAccount.inc @@ -162,7 +162,11 @@ class posixAccount extends baseModule implements passwordService { $selfServiceContainer = new htmlTable(); $selfServiceContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', getSupportedHashTypes(), array('SSHA'), _("Password hash type"))); - $selfServiceContainer->addElement(new htmlHelpLink('pwdHash', get_class($this))); + $selfServiceContainer->addElement(new htmlHelpLink('pwdHash', get_class($this)), true); + $selfServiceContainer->addElement(new htmlTableExtendedInputTextarea('posixAccount_shells', implode("\r\n", $this->getShells()), 30, 4, _('Login shells'))); + $loginShellsHelp = new htmlHelpLink('loginShells', get_class($this)); + $loginShellsHelp->alignment = htmlElement::ALIGN_TOP; + $selfServiceContainer->addElement($loginShellsHelp, true); $return['selfServiceSettings'] = $selfServiceContainer; } // profile checks 
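Review bot: The new `posixAccount_shells` textarea in the self-service settings is added without any visible check on what an administrator types into it, yet its lines become the allowlist that the upload and self-service paths later test with `in_array(..., $this->getShells())`. As far as this hunk shows, a blank line, trailing whitespace or a relative path would be stored as a permitted login shell; the `// profile checks` section that follows starts outside the hunk, so a check may exist there, but none is added for this key. I would validate each line when the profile is saved, dropping empty lines and accepting only absolute paths, e.g. `preg_match('/^\/\S+$/D', trim($line))`. The same applies to the server-profile textarea added in the `@@ -198,7 +202,8 @@` hunk.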
@@ -198,7 +202,8 @@ class posixAccount extends baseModule implements passwordService { $configOptionsContainer->addElement(new htmlSubTitle(_('Options')), true); $configOptionsContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', getSupportedHashTypes(), array('SSHA'), _("Password hash type"), 'pwdHash'), true); - $configOptionsContainer->addElement(new htmlTableExtendedInputCheckbox('posixAccount_primaryGroupAsSecondary', false, _('Set primary group as memberUid'), 'primaryGroupAsSecondary')); + $configOptionsContainer->addElement(new htmlTableExtendedInputCheckbox('posixAccount_primaryGroupAsSecondary', false, _('Set primary group as memberUid'), 'primaryGroupAsSecondary'), true); + $configOptionsContainer->addElement(new htmlTableExtendedInputTextarea('posixAccount_shells', implode("\r\n", $this->getShells()), 30, 4, _('Login shells'), 'loginShells'), true); $return['config_options']['all'] = $configOptionsContainer; // upload $return['upload_preDepends'] = array('inetOrgPerson'); @@ -257,7 +262,7 @@ class posixAccount extends baseModule implements passwordService { 'description' => _('Login shell'), 'help' => 'loginShell', 'example' => '/bin/bash', - 'values' => implode(", ", getshells()), + 'values' => implode(", ", $this->getShells()), 'default' => '/bin/bash' ), array( @@ -384,6 +389,10 @@ class posixAccount extends baseModule implements passwordService { "Headline" => _("Suffix for UID/user name check"), "Text" => _("LAM checks if the entered user name and UID are unique. Here you can enter the LDAP suffix that is used to search for duplicates. By default the account type suffix is used. You only need to change this if you use multiple server profiles with different OUs but need unique user names or UIDs.") ), + 'loginShells' => array( + "Headline" => _("Login shells"), + "Text" => _("This is the list of valid login shells.") + ), 'user' => array( 'uid' => array( "Headline" => _("User name"), 'attr' => 'uid', 
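Review bot: The `loginShells` help text added in the `@@ -384,6 +389,10 @@` hunk does not tell the administrator how to fill in the field or what an empty field means. The textarea is populated with `implode("\r\n", $this->getShells())`, so the format is one shell per line, and `getShells()` falls back to a built-in list when the setting is empty. I would extend the text to something like `_("List of valid login shells, one absolute path per line. If the list is empty LAM uses its built-in default list. Keep /bin/false in the list if accounts must be able to have login disabled.")`. The help array continues outside the hunk.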
@@ -411,7 +420,7 @@ class posixAccount extends baseModule implements passwordService { ), 'loginShell' => array( "Headline" => _("Login shell"), - "Text" => _("To disable login use /bin/false. The list of shells is read from lam/config/shells") + "Text" => _("To disable login use /bin/false.") ), 'addgroup' => array( "Headline" => _("Additional groups"), @@ -1079,7 +1088,7 @@ class posixAccount extends baseModule implements passwordService { $return->addElement(new htmlStatusMessage("ERROR", _('No Unix groups found in LDAP! Please create one first.'))); return $return; } - $shelllist = getshells(); // list of all valid shells + $shelllist = $this->getShells(); // list of all valid shells // set default values if (!isset($this->attributes['uid'][0]) && ($this->getAccountContainer()->getAccountModule('inetOrgPerson') != null)) { @@ -1390,7 +1399,7 @@ class posixAccount extends baseModule implements passwordService { $groups[] = $groupList[$i][1]; } if ($this->get_scope() == 'user') { - $shelllist = getshells(); // list of all valid shells + $shelllist = $this->getShells(); // list of all valid shells // primary Unix group $return->addElement(new htmlTableExtendedSelect('posixAccount_primaryGroup', $groups, array(), _('Primary group'), 'gidNumber'), true); // additional group memberships @@ -1746,7 +1755,7 @@ class posixAccount extends baseModule implements passwordService { if ($rawAccounts[$i][$ids['posixAccount_shell']] == "") { $partialAccounts[$i]['loginShell'] = '/bin/bash'; } - elseif (in_array($rawAccounts[$i][$ids['posixAccount_shell']], getshells())) { + elseif (in_array($rawAccounts[$i][$ids['posixAccount_shell']], $this->getShells())) { $partialAccounts[$i]['loginShell'] = $rawAccounts[$i][$ids['posixAccount_shell']]; } else { 
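Review bot: In the `@@ -1746,7 +1755,7 @@` hunk `$this->getShells()` is evaluated inside what appears to be the per-account upload loop (`$rawAccounts[$i]`), so the allowlist is rebuilt for every row, and the membership test uses loose comparison. Fetching the list once before the loop and comparing strictly keeps the check cheap and exact: `$shellList = $this->getShells();` ahead of the loop and `in_array($rawAccounts[$i][$ids['posixAccount_shell']], $shellList, true)` here. The self-service save in the `@@ -2216,7 +2225,7 @@` hunk likewise calls `in_array` on `$_POST['posixAccount_loginShell']` without the strict flag and without an `isset` on the POST key. The loop and the enclosing function start outside this hunk.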
@@ -2140,7 +2149,7 @@ class posixAccount extends baseModule implements passwordService { )); } if (in_array('loginShell', $fields)) { - $shelllist = getshells(); // list of all valid shells + $shelllist = $this->getShells(); // list of all valid shells $loginShell = ''; if (isset($attributes['loginShell'][0])) $loginShell = $attributes['loginShell'][0]; $loginShellField = new htmlSelect('posixAccount_loginShell', $shelllist, array($loginShell)); @@ -2216,7 +2225,7 @@ class posixAccount extends baseModule implements passwordService { } } if (in_array('loginShell', $fields) && !in_array('loginShell', $readOnlyFields)) { - $shelllist = getshells(); // list of all valid shells + $shelllist = $this->getShells(); // list of all valid shells if (in_array($_POST['posixAccount_loginShell'], $shelllist) && (!isset($attributes['loginShell']) || ($attributes['loginShell'][0] != $_POST['posixAccount_loginShell']))) { $return['mod']['loginShell'][0] = $_POST['posixAccount_loginShell']; @@ -2604,6 +2613,33 @@ class posixAccount extends baseModule implements passwordService { return $userName; } + /** + * Returns the list of possible login shells. + * + * @return array login shells + */ + private function getShells() { + // self service + if (!isset($_SESSION['loggedIn']) && isset($this->selfServiceSettings) && isset($this->selfServiceSettings->moduleSettings['posixAccount_shells']) + && (sizeof($this->selfServiceSettings->moduleSettings['posixAccount_shells'])) > 0) { + return $this->selfServiceSettings->moduleSettings['posixAccount_shells']; + } + // server profile + if (!isset($this->selfServiceSettings) && isset($this->moduleSettings) && isset($this->moduleSettings['posixAccount_shells']) + && (sizeof($this->moduleSettings['posixAccount_shells'])) > 0) { + return $this->moduleSettings['posixAccount_shells']; + } + // fall back to default + return array( + '/bin/bash', + '/bin/csh', + '/bin/dash', + '/bin/false', + '/bin/ksh', + '/bin/sh' + ); + } + } ?>
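Review bot: `getShells()` in the `@@ -2604,6 +2613,33 @@` hunk can silently ignore a configured allowlist: when `$this->selfServiceSettings` is set and `$_SESSION['loggedIn']` is also set, the first branch is skipped by `!isset($_SESSION['loggedIn'])` and the second by `!isset($this->selfServiceSettings)`, so the method returns the hard-coded defaults. Those defaults include interactive shells such as `/bin/bash`, so a self-service profile restricted to, say, `/bin/false` would be widened in that state; whether both can be set together depends on code outside this diff. Selecting the branch on `isset($this->selfServiceSettings)` alone (dropping `!isset($_SESSION['loggedIn']) &&` from the first condition) makes the two branches exhaustive, or a comment should state why the session test is needed. A docblock sentence on the precedence, `self-service profile, then server profile, then built-in defaults`, would also help.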