Apple MacBook Pro Fingerprint

sudo with Touch ID on macOS

Apple Touch ID with sudo in macOS

If you like to integrate Touch ID in sudo, you can do this easily in macOS and use the fingerprint.

Integration in sudo

Just edit the /private/etc/pam.d/sudo file and put a line inside.

sudo -e /private/etc/pam.d/sudo

Put the following information inside:

auth       sufficient

The file should look like:

# sudo: auth account password session
auth       sufficient
auth       sufficient
auth       required
account    required
password   required
session    required


To test the integration, just echo with sudo.

sudo echo "test"
sudo with Touch ID
sudo with Touch ID

Update: If you are using iTerm2:

Turn off Prefs > Advanced > Allow sessions to survive logging out and back in.

1 thought on “sudo with Touch ID on macOS”

  1. There are a bunch of other files in /etc/pam.d. What would adding this line to the top of those do? For example, would adding it to /etc/pam.d/su work? What do the other files do?


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.