diff --git a/templates/etc/pve/domains.cfg.j2 b/templates/etc/pve/domains.cfg.j2
index 9e4baee..2ba8dd9 100644
--- a/templates/etc/pve/domains.cfg.j2
+++ b/templates/etc/pve/domains.cfg.j2
@@ -1,13 +1,29 @@
 # {{ ansible_managed }}
-pam: pam
- comment Linux PAM standard authentication
+{% if pve_auth_pam_enabled %}
+pam: {{ pve_auth_pam_realm }}
+ comment {{ pve_auth_pam_description }}
+ default {{ 1 if pve_auth_pam_is_default else 0 }}
+ {% if pve_auth_pam_tfa_oath_enabled and not pve_auth_pam_tfa_yubico_enabled %}
+ tfa type=oath,step={{ pve_auth_pam_tfa_oath_timestep }},digits={{ pve_auth_pam_tfa_oath_pwlength }}
+ {% elif pve_auth_pam_tfa_yubico_enabled and not pve_auth_pam_tfa_oath_enabled %}
+ tfa type=yubico,id={{ pve_auth_pam_tfa_yubico_api_id }},key={{ pve_auth_pam_tfa_yubico_api_key }},url={{ pve_auth_pam_tfa_yubico_url }}
+ {% endif %}
+{% endif %}
-pve: pve
- comment Proxmox VE authentication server
+{% if pve_auth_pve_enabled %}
+pve: {{ pve_auth_pve_realm }}
+ comment {{ pve_auth_pve_description }}
+ default {{ 1 if pve_auth_pve_is_default else 0 }}
+ {% if pve_auth_pve_tfa_oath_enabled and not pve_auth_pve_tfa_yubico_enabled %}
+ tfa type=oath,step={{ pve_auth_pve_tfa_oath_timestep }},digits={{ pve_auth_pve_tfa_oath_pwlength }}
+ {% elif pve_auth_pve_tfa_yubico_enabled and not pve_auth_pve_tfa_oath_enabled %}
+ tfa type=yubico,id={{ pve_auth_pve_tfa_yubico_api_id }},key={{ pve_auth_pve_tfa_yubico_api_key }},url={{ pve_auth_pve_tfa_yubico_url }}
+ {% endif %}
+{% endif %}
 {% if pve_auth_ldap_enabled %}
-ldap: {{ pve_auth_ldap_relam }}
+ldap: {{ pve_auth_ldap_realm }}
 comment {{ pve_auth_ldap_description }}
 base_dn {{ pve_auth_ldap_base_dn }}
 server1 {{ pve_auth_ldap_primary_server }}
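Review bot: In the new `pam:` and `pve:` blocks, setting both `*_tfa_oath_enabled` and `*_tfa_yubico_enabled` matches neither the `if` nor the `elif`, so no `tfa` line is written and the realm is rendered without a second factor, with no error. That fails open on a contradictory configuration; I would reject the combination before templating, for example with an `assert` whose condition is `that: not (pve_auth_pam_tfa_oath_enabled and pve_auth_pam_tfa_yubico_enabled)`, and the same for the `pve_auth_pve_*` pair. Separately, `key={{ pve_auth_pam_tfa_yubico_api_key }}` writes the Yubico API key into the rendered file, so the variable should come from a vault. The task that renders this template is not visible in this hunk, but it should probably set `no_log: true` so that `--diff` output does not print the key.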