Apple Touch ID with sudo in macOS

If you like to integrate Touch ID in sudo, you can do this easily in macOS and use the fingerprint.

Integration in sudo

Just edit the /private/etc/pam.d/sudo file and put a line inside.

sudo -e /private/etc/pam.d/sudo

Put the following information inside:

auth       sufficient     pam_tid.so

The file should look like:

# sudo: auth account password session
auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

Testing

To test the integration, just echo with sudo.

sudo echo "test"

Update: If you are using iTerm2:

Turn off Prefs > Advanced > Allow sessions to survive logging out and back in.

Safematix IT-Security

Tag Archives: Touch ID

sudo with Touch ID on macOS

Apple Touch ID with sudo in macOS

Integration in sudo

Testing

Linux, BSD, Unix and Security tips