Add TouchID authentication to sudo
Now that I have a TouchID-enabled Mac, I want to be able to use TouchID for sudo access.
There’s a PAM module available, so it just needs enabling:
- Edit /etc/pam.d/sudo
- Add a new line under line 1 (which is a comment) containing:
auth sufficient pam_tid.so
(Leave all other lines in this file.)
That’s it. Now, whenever you use sudo, you have the option of using TouchID to authenticate.
It turns out that whenever there’s an OS update, /etc/pam.d/sudo is reset, so you need to re-add the line. Hence, I wrote a script called /usr/local/bin/enable-touch-id:
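#!/bin/sh
# grep exit status: 0 = line found, 1 = not found, anything else = error
case `grep -F "pam_tid" /etc/pam.d/sudo >/dev/null; echo $?` in
0) echo "TouchID unlock already in place" ;;
1) # BSD sed: append the line after line 1 of the file
   sudo sed -i '' '1a\
auth sufficient pam_tid.so
' /etc/pam.d/sudo
   echo "TouchID unlock enabled" ;;
*) echo "Error trying to read /etc/pam.d/sudo" ;;
esac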
Don’t forget to enable execute permissions with chmod a+x /usr/local/bin/enable-touch-id and then you can simply run it after every OS update.
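The script's grep -F "pam_tid" test also matches a commented-out or misplaced line, and sed edits the live PAM file directly. As an added example (not the post's script), the functions below check that the line is the first active auth entry and write the change to a separate copy that is verified before anything is installed. The function names, the copy-then-verify workflow and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: idempotent, verified insertion of the pam_tid line.
# Function names and the copy-then-verify workflow are assumptions.
TID_LINE='auth       sufficient     pam_tid.so'

# Print "ok" if the first active auth line is "auth sufficient pam_tid.so",
# "misplaced" if such a line exists further down, "absent" otherwise.
# Commented-out lines never count, because their first field is not "auth".
tid_state() {
    awk '$1 == "auth" {
             n++
             if (!pos && $2 == "sufficient" && $3 == "pam_tid.so") pos = n
         }
         END { print (pos == 1 ? "ok" : (pos ? "misplaced" : "absent")) }' "$1"
}

# Write SRC to DST (a different path) with the line added after line 1,
# then verify DST. SRC is never modified; a non-zero status means
# "do not install DST".
tid_patch() {
    case "$(tid_state "$1")" in
        ok)     cp "$1" "$2" ;;
        absent) awk -v l="$TID_LINE" '{ print } NR == 1 { print l }' "$1" > "$2" ;;
        *)      return 1 ;;
    esac
    [ "$(tid_state "$2")" = ok ]
}

# Constructed sample resembling a stock PAM file (not copied from a real Mac).
make_sample() {
    printf '%s\n' '# sudo: auth account password session' \
        'auth       required       pam_opendirectory.so' \
        'account    required       pam_permit.so' \
        'session    required       pam_permit.so' > "$1"
}
```

On the Mac, run tid_patch with /etc/pam.d/sudo as the source and a temporary file as the destination, and copy the result into place with sudo only when it returns success.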