diff --git a/ansible/roles/pam_slurm_adopt/tasks/main.yml b/ansible/roles/pam_slurm_adopt/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7d80de8e12d6e296960aeaf8a590bfa1e4497849
--- /dev/null
+++ b/ansible/roles/pam_slurm_adopt/tasks/main.yml
@@ -0,0 +1,46 @@
+---
+# restrict user access to nodes
+- name: Get version and release for slurm-pam pkg
+  shell: rpm -q --qf "%{VERSION}-%{RELEASE}\n" slurm-client
+  register: ver
+
+- debug:
+    var: ver
+
+- name: Install slurm-pam package
+  yum:
+    name: "slurm-pam-{{ ver.stdout }}"
+    state: present
+
+- name: Create new pam file wihtout pam_systemd.so
+  shell: grep -v pam_systemd.so < /etc/pam.d/password-auth > /etc/pam.d/password-auth-no-systemd
+
+- name: Update sshd pam file
+  blockinfile:
+    path: /etc/pam.d/sshd
+    insertbefore: "^account.+password-auth$"
+    backup: yes
+    marker: "# {mark} PAM config for Slurm"
+    marker_begin: "BEGIN account"
+    marker_end: "END account"
+    block: |
+      "-account    sufficient     pam_slurm_adopt.so"
+      "account    required   pam_access.so"
+
+- name: Update sshd pam file
+  blockinfile:
+    path: /etc/pam.d/sshd
+    insertbefore: "^session.+postlogin$"
+    backup: yes
+    marker: "# {mark} - PAM config for Slurm"
+    marker_begin: "BEGIN session"
+    marker_end: "END session"
+    block: |
+      "session    include      password-auth-no-systemd"
+
+- name: Update secure access config for the node
+  lineinfile:
+    dest: /etc/security/access.conf
+    line: "-:ALL EXCEPT root mhanby_ cmcclung_ (sysadmins) (atlab):ALL"
+    owner: root
+    mode: 0644