sudo with Touch ID on macOS

If you like to integrate Touch ID in sudo, you can do this easily in macOS and use the fingerprint.

Integration in sudo

Just edit the /private/etc/pam.d/sudo file and put a line inside.

sudo -e /private/etc/pam.d/sudo

Put the following information inside:

auth       sufficient

The file should look like:

# sudo: auth account password session
auth       sufficient
auth       sufficient
auth       required
account    required
password   required
session    required


To test the integration, just echo with sudo.

sudo echo "test"
Update: If you are using iTerm2:

Turn off Prefs > Advanced > Allow sessions to survive logging out and back in.

If you want to return, repair or sell your Apple device. Then you should make sure that all data is deleted. This way the fingerprint information should also be deleted.

Clear Touch Bar information

To delete the fingerprint information, the Apple device must be set to Recorvery mode and open the Terminal.

  1. Restart
  2. Hold down Command-R
  3. Utilities -> Terminal
xartutil –erase-all

You get the question if you are sure, you have to confirm this with “yes” and press Return.


After rebooting, you can easily check the settings to see if it worked.

no fingerprint