@seyhani
Created March 23, 2023 16:00
Use Touch ID for sudo in mac terminal

Enable Touch ID for sudo

sudo vim /etc/pam.d/sudo

Add the following line at the beginning:

auth       sufficient     pam_tid.so

Fix tmux issue

brew install pam-reattach
sudo vim /etc/pam.d/sudo

Add the following at the beginning, before the pam_tid.so line:

auth       optional       /opt/homebrew/lib/pam/pam_reattach.so ignore_ssh

Enable Apple Watch support

Note that with the method above you can already unlock with your Apple Watch, since it approves the Touch ID prompt while you wear it, so you probably won’t need the following.

auth       sufficient     /opt/homebrew/lib/pam/pam_watchid.so

Finally, your sudo file should look like this:

# sudo: auth account password session
auth       optional       /opt/homebrew/lib/pam/pam_reattach.so ignore_ssh
auth       sufficient     /opt/homebrew/lib/pam/pam_watchid.so
auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so
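
A mistake in /etc/pam.d/sudo can leave sudo unusable, so it is worth checking the module order before saving the file. The script below is an added example, not part of the original gist: `check_sudo_pam` is a hypothetical helper name, and the sample input is constructed from the final file shown above.

```shell
#!/bin/sh
# check_sudo_pam FILE: lint the auth stack of a sudo PAM file (hypothetical helper).
# Prints one line per problem; exit status 0 means no problems were found.
check_sudo_pam() {
    awk '
        $1 ~ /^#/ || NF < 3 || $1 != "auth" { next }   # auth lines only
        {
            n++
            mod = $3; sub(/.*\//, "", mod)              # drop the directory part
            if (!(mod in pos)) { pos[mod] = n; ctl[mod] = $2 }
        }
        END {
            tid = "pam_tid.so"; od = "pam_opendirectory.so"; re = "pam_reattach.so"
            if (!(tid in pos)) { print tid " is not in the auth stack"; bad = 1 }
            else if (ctl[tid] != "sufficient") { print tid " should be sufficient"; bad = 1 }
            # pam_reattach has to run first or Touch ID still fails inside tmux
            if ((re in pos) && (tid in pos) && pos[re] > pos[tid]) {
                print re " must come before " tid; bad = 1
            }
            # the password module stays as the required fallback, after Touch ID
            if (!(od in pos)) { print od " missing: no password fallback"; bad = 1 }
            else if (ctl[od] != "required") { print od " should be required"; bad = 1 }
            else if ((tid in pos) && pos[od] < pos[tid]) {
                print tid " must come before " od; bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample input: the auth lines of the final file shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sudo: auth account password session
auth       optional       /opt/homebrew/lib/pam/pam_reattach.so ignore_ssh
auth       sufficient     /opt/homebrew/lib/pam/pam_watchid.so
auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
EOF
check_sudo_pam "$sample" && echo "auth stack order looks right"
rm -f "$sample"
```

Run it against a copy of the edited file, and keep a root shell open in another terminal until a fresh `sudo` prompt has been confirmed to work.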