diff --git a/ansible/roles/password_auth/tasks/main.yaml b/ansible/roles/password_auth/tasks/main.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..838d02ea30aa5c66b76836974bad439219bcdd91
--- /dev/null
+++ b/ansible/roles/password_auth/tasks/main.yaml
@@ -0,0 +1,45 @@
+---
+- name: Create a temporary folder
+  ansible.builtin.file:
+    path: /tmp/passwd_auth
+    state: directory
+    mode: "0755"
+
+- name: Download config files from S3
+  aws_s3:
+    mode: get
+    s3_url: "{{ S3_ENDPOINT }}"
+    bucket: "{{ password_auth_bucket }}"
+    object: "{{ password_auth_object }}"
+    dest: "/tmp/{{ password_auth_object }}"
+    aws_access_key: "{{ LTS_ACCESS_KEY }}"
+    aws_secret_key: "{{ LTS_SECRET_KEY }}"
+
+- name: Unpack the tarball
+  ansible.builtin.unarchive:
+    src: "/tmp/{{ password_auth_object }}"
+    dest: "/tmp/passwd_auth"
+    remote_src: yes
+
+- name: Place config files
+  ansible.builtin.copy:
+    src: "/tmp/passwd_auth/{{ item.file }}"
+    dest: "{{ item.dest }}/"
+    mode: "{{ item.mode }}"
+    owner: root
+    group: root
+  loop:
+    - {"file": "authconfig", "dest": "/etc/sysconfig", "mode": "0644"}
+    - {"file": "fingerprint-auth-ac", "dest": "/etc/pam.d", "mode": "0644"}
+    - {"file": "ldap.conf", "dest": "/etc/openldap", "mode": "0644"}
+    - {"file": "nslcd.conf", "dest": "/etc", "mode": "0600"}
+    - {"file": "password-auth-ac", "dest": "/etc/pam.d", "mode": "0644"}
+    - {"file": "smartcard-auth-ac", "dest": "/etc/pam.d", "mode": "0644"}
+    - {"file": "sssd.conf", "dest": "/etc/sssd", "mode": "0600"}
+    - {"file": "sssdpamproxy", "dest": "/etc/pam.d", "mode": "0644"}
+    - {"file": "system-auth-ac", "dest": "/etc/pam.d", "mode": "0644"}
+
+- name: Clean up the temporary folder
+  ansible.builtin.file:
+    path: /tmp/passwd_auth
+    state: absent