Many of those who have enabled Touch ID for Terminal/iTerm found out that /etc/pam.d/sudo is reverted to its original state after reboot.
Setting the permission to edit the file, adding a necessary line, and reverting the permission back are all trivial operations that can be automated.
If you are a bash user, add these lines to your .bash_profile:
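```bash
ensure_touch_id() {
    local AUTH_FILE_PATH="/etc/pam.d/sudo"
    local AUTH_FILE_LINES=()
    local EXTENSION_NAME="pam_tid.so"
    local EXTENSION_ADDED=false
    local LINE

    # Nothing to do if the Touch ID module is already mentioned in the file.
    if ! grep -q "$EXTENSION_NAME" "$AUTH_FILE_PATH"; then
        # Make the file writable by the current user; stop if sudo is refused.
        # Note: the file stays world-writable until the chmod 444 below.
        sudo chmod 666 "$AUTH_FILE_PATH" || return 1

        # Copy the file line by line, adding the pam_tid.so rule right after
        # the first comment line so that it precedes the other auth rules.
        # IFS= and the -n test keep leading spaces and an unterminated last line.
        while IFS= read -r LINE || [[ -n "$LINE" ]]; do
            AUTH_FILE_LINES+=("$LINE")
            if ! "$EXTENSION_ADDED" && [[ "$LINE" =~ ^# ]]; then
                AUTH_FILE_LINES+=("auth sufficient $EXTENSION_NAME")
                EXTENSION_ADDED=true
            fi
        done < "$AUTH_FILE_PATH"

        # Rewrite the file only if the rule was actually inserted.
        if "$EXTENSION_ADDED"; then
            printf "%s\n" "${AUTH_FILE_LINES[@]}" > "$AUTH_FILE_PATH"
        fi

        # Restore the read-only mode.
        sudo chmod 444 "$AUTH_FILE_PATH"
    fi
}

ensure_touch_id
```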
Every new Terminal/iTerm tab or window then checks whether Touch ID is enabled. If the configuration is present, the script requires no action from you. Otherwise, a sudo password prompt appears, the script does the job, and you are good until the next reboot.
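
The function above leaves /etc/pam.d/sudo at mode 666 while it rewrites the file in place, so for that moment any local process can change the sudo authentication policy. The variant below is an added example, not the original author's code: it builds the new content in a private temporary file, checks it, and lets root install it, so the file is never writable by anyone else. The helper names are hypothetical, and the root:wheel owner and mode 444 are assumed to be the macOS defaults.

```bash
# Added example: helper names are hypothetical, not from the original post.
PAM_SUDO="/etc/pam.d/sudo"                      # path used in the article
TID_RULE="auth       sufficient     pam_tid.so"

# True only when FILE has an active (uncommented) auth rule for pam_tid.so.
has_tid_rule() {
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_tid\.so' "$1"
}

# Print FILE with TID_RULE inserted after its first comment line, or as the
# first line when there is no comment. Pure text transform: no sudo needed.
with_tid_rule() {
    awk -v rule="$TID_RULE" '
        { lines[NR] = $0; if (!at && /^#/) at = NR }
        END {
            if (!at) print rule
            for (i = 1; i <= NR; i++) { print lines[i]; if (i == at) print rule }
        }
    ' "$1"
}

# Build the new file in a private temp file, check it, then let root put it
# in place. Assumes the macOS defaults of owner root:wheel and mode 444.
ensure_touch_id_safe() {
    local tmp status=1
    has_tid_rule "$PAM_SUDO" && return 0
    tmp=$(mktemp) || return 1
    if with_tid_rule "$PAM_SUDO" > "$tmp" && has_tid_rule "$tmp"; then
        sudo install -m 444 -o root -g wheel "$tmp" "$PAM_SUDO"
        status=$?
    fi
    rm -f "$tmp"
    return "$status"
}

# In .bash_profile, call ensure_touch_id_safe in place of ensure_touch_id.
```

Unlike the plain grep for pam_tid.so, has_tid_rule ignores a commented-out rule, so a disabled line in the file does not make the check pass.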