diff --git a/defaults/main.yml b/defaults/main.yml
index cfa145b..fffaae3 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -43,6 +43,7 @@ postgres_users: []
 #   login_unix_socket: # defaults to 1st of postgres_socket_directories
 #   port: # defaults to not set
 #   state: # defaults to 'present'
+#   pam_user: # defaults to not set
 
 postgres_hba_entries:
   - {type: local, database: all, user: all, auth_method: peer}
diff --git a/tasks/config.yml b/tasks/config.yml
index 89bbebb..9995394 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -7,6 +7,13 @@
       mode: 0600
     notify: __postgres_restart
 
+  - name: Create local users for pam auth
+    user:
+      name: "{{ item.name }}"
+      password: "{{ item.password }}"
+    with_items: "{{ postgres_users }}"
+    when: item.pam_user | default(False)
+
   - name: Setup client authentication
     template:
       src: postgresql/data/pg_hba.conf.j2