Created October 30, 2022 17:50
Patch to make it possible to use Touch ID for sudo authentication in macOS
--- /dev/null 2022-10-30 12:15:52.000000000 -0400 | |
+++ /private/etc/sudoers.d/pam_service 2022-08-01 18:14:44.000000000 -0400 | |
@@ -0,0 +1,9 @@ | |
+# Edit this file with the following command: | |
+# sudo visudo -f /private/etc/sudoers.d/pam_service | |
+# | |
+# The purpose of this file is to get pam to use | |
+# /usr/local/etc/pam.d/my_sudo instead of | |
+# /etc/pam.d/sudo for configuration. And the | |
+# reason for that is to enable touch id for sudo | |
+# authentication. | |
+Defaults pam_service = "my_sudo" | |
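Review bot: the header comment above `Defaults pam_service = "my_sudo"` explains the purpose but not the security consequence, which is that sudo's whole authentication stack now comes from /usr/local/etc/pam.d/my_sudo, a path outside /etc. Please add a comment line stating that the target file and its parent directories must be owned by root and not writable by any other user, since whoever can edit that file decides how sudo authenticates. It would also help to document a post-apply check with `visudo -c`, because this file is created by `patch` rather than through the `visudo -f` command the comment recommends, so its syntax and mode are never validated.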
--- /dev/null 2022-10-30 12:15:52.000000000 -0400 | |
+++ /usr/local/etc/pam.d/my_sudo 2022-08-01 18:12:36.000000000 -0400 | |
@@ -0,0 +1,17 @@ | |
+# sudo: auth account password session | |
+# | |
+# This file should match /etc/pam.d/sudo | |
+# except this file has a line enabling | |
+# touch id authentication for sudo. That's | |
+# the line referencing pam_tid.so. | |
+# The reason pam uses this configuration | |
+# file for sudo instead of the original | |
+# configuration file is that sudo's | |
+# "pam_service" setting is redefined | |
+# in /private/etc/sudoers.d/pam_service | |
+auth sufficient pam_smartcard.so | |
+auth sufficient pam_tid.so | |
+auth required pam_opendirectory.so | |
+account required pam_permit.so | |
+password required pam_deny.so | |
+session required pam_permit.so |
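Review bot: the patch creates /usr/local/etc/pam.d/my_sudo without saying anything about ownership or mode, and the `auth sufficient pam_tid.so` line in it makes this file the place where sudo's authentication is decided. Suggest stating in the header comment that the file and /usr/local/etc/pam.d must be root-owned and not group- or world-writable, and verifying that after applying. Separately, the comment "This file should match /etc/pam.d/sudo" describes a one-time copy that nothing keeps in sync, so a note to compare the two files after each OS update would stop the stacks from drifting apart unnoticed.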
To apply the patch, download the patch to a file and enter the following at a shell prompt:
sudo patch -Np0 < sudo_touch_id.patch