diff --git a/tasks/pam.yml b/tasks/pam.yml
index ee53f14..eff3717 100644
--- a/tasks/pam.yml
+++ b/tasks/pam.yml
@@ -1,15 +1,27 @@
 ---
-- name: Set pam module configuration
- pamd:
- name: "{{ item.name | default('system-auth') }}"
- type: "{{ item.type | default('auth') }}"
- module_path: "{{ item.module_path | default('pam_unix.so') }}"
- control: "{{ item.control }}"
- new_type: "{{ item.new_type | default(omit) }}"
- new_module_path: "{{ item.new_module_path | default(omit) }}"
- new_control: "{{ item.new_control | default(omit) }}"
- state: "{{ item.state | default('args_present') }}"
- module_arguments: "{{ item.module_arguments | default(omit) }}"
- loop: "{{ pam_settings + pam_settings_extra }}"
+- block:
+ - name: Set pam module configuration
+ pamd:
+ name: "{{ item.name | default('system-auth') }}"
+ type: "{{ item.type | default('auth') }}"
+ module_path: "{{ item.module_path | default('pam_unix.so') }}"
+ control: "{{ item.control }}"
+ new_type: "{{ item.new_type | default(omit) }}"
+ new_module_path: "{{ item.new_module_path | default(omit) }}"
+ new_control: "{{ item.new_control | default(omit) }}"
+ state: "{{ item.state | default('args_present') }}"
+ module_arguments: "{{ item.module_arguments | default(omit) }}"
+ loop: "{{ pam_settings + pam_settings_extra }}"
+
+ - name: Auto-update items with state: before/after
+ pamd:
+ name: "{{ item.name | default('system-auth') }}"
+ type: "{{ item.new_type }}"
+ module_path: "{{ item.new_module_path }}"
+ control: "{{ item.new_control }}"
+ state: updated
+ module_arguments: "{{ item.module_arguments | default(omit) }}"
+ loop: "{{ pam_settings + pam_settings_extra }}"
+ when: item.state == "before" or item.state == "after"
 become: True
 become_user: root
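Review bot: The added task name `Auto-update items with state: before/after` is a plain scalar containing `: `, which YAML parsers reject inside an unquoted value, so tasks/pam.yml would likely fail to load and none of the PAM settings would be applied; quote it, e.g. `- name: 'Auto-update items with state: before/after'`. The same task's `when: item.state == "before" or item.state == "after"` reads `item.state` with no default, while the first task treats it as optional (`default('args_present')`), so an entry without `state` would presumably stop the loop with an undefined-variable error after the first task has already edited the PAM stack as root. `when: item.state | default('args_present') in ['before', 'after']` keeps the two tasks consistent. Indentation is not recoverable on this page, so whether `when` sits on the task or on the block should be confirmed against the file.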