Skip to content

Instantly share code, notes, and snippets.

@farhaduneci

farhaduneci/how-to.md

Created May 31, 2024 12:43
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save farhaduneci/10e30162eceb12a87bcee92b247b8808 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save farhaduneci/10e30162eceb12a87bcee92b247b8808 to your computer and use it in GitHub Desktop.
Download ZIP
MacOS run sudo with Touch ID
Raw
how-to.md

Authenticate with Touch ID

By default running sudo commands is done via entering your password. If you would rather use your fingerprint to authenticate you must modify your sudo configuration.

MacOS Sonoma (14) and Later

  1. Copy /etc/pam.d/sudo_local.template to sudo_local 
    sudo cp /etc/pam.d/sudo_local.template /etc/pam.d/sudo_local
  2. Remove the comment character (#) from the auth line in sudo_local 
    # sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
auth       sufficient     pam_tid.so

MacOS Ventura (13) and Earlier

  1. Open /etc/pam.d/sudo in your preferred text editor
  2. Add auth sufficient pam_tid.so to the list of auth entries 
    # sudo: auth account password session
auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so
  3. Save and close the file

Note: /etc/pam.d/sudo is a default MacOS file so it will be overwritten by system updates. You will have to reapply this change after each time you update MacOS.

Original Document

@farhaduneci
Copy link
Author

farhaduneci commented Jul 11, 2024

visitors

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment