(TIL) Mac: Use Touch ID to Authenticate Sudo Commands

less than 1 minute read

On newer MacBook Pros, you can add Touch ID as an acceptable method of authenticating sudo commands. This is done by editing the /etc/pam.d/sudo file:

$ cat /etc/pam.d/sudo
# sudo: auth account password session
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

$ sudo edit /etc/pam.d/sudo

Update the file to include the following line after the # sudo ... line:

auth       sufficient     pam_tid.so

Via maketecheasier.com.

Comments