@4np
Created November 4, 2024 08:28
Use Touch ID or Apple Watch to sudo or authorize other Administrator tasks.

sudo using Touch ID or Apple Watch double press

It is possible to enable Touch ID to authorize sudo and other administrative tasks. If you have linked an Apple Watch, you'll also be able to double press the Apple Watch side button to approve.

You need to do the following in Terminal:

cd /etc/pam.d/
sudo cp sudo_local.template sudo_local

Then edit sudo_local and uncomment the #auth sufficient pam_tid.so line:

sudo nano sudo_local

So the contents look like this:

# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
auth       sufficient     pam_tid.so

Now you'll be able to use Touch ID to sudo or for any other administrator task.
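
The same steps as a non-interactive script, with a check that the active `pam_tid.so` line really ended up in `sudo_local`. This is an added example, not part of the original gist; the `PAM_DIR` override, the function names and the `--apply` switch are assumptions of this sketch.

```shell
#!/bin/sh
# PAM_DIR can be pointed at a scratch copy to try the logic
# before touching /etc/pam.d (assumption of this example).
PAM_DIR="${PAM_DIR:-/etc/pam.d}"

# Succeeds if the file has an active (uncommented) pam_tid.so auth line.
touchid_sudo_enabled() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so' "$1" 2>/dev/null
}

# Creates sudo_local from the template if needed, then uncomments the line.
enable_touchid_sudo() {
    dir="${1:-$PAM_DIR}"
    local_file="$dir/sudo_local"
    template="$dir/sudo_local.template"

    if touchid_sudo_enabled "$local_file"; then
        echo "already enabled in $local_file"
        return 0
    fi
    if [ ! -f "$local_file" ]; then
        [ -f "$template" ] || { echo "missing $template" >&2; return 1; }
        cp "$template" "$local_file" || return 1
    fi
    tmp="$(mktemp)" || return 1
    # Strip the leading '#' only from the pam_tid.so line; spacing is kept.
    sed -E 's/^[[:space:]]*#[[:space:]]*(auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so.*)$/\1/' \
        "$local_file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back with cat rather than mv so owner and mode stay unchanged.
    cat "$tmp" > "$local_file"; rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 1
    # Fail loudly if the file never contained the expected line.
    touchid_sudo_enabled "$local_file" || {
        echo "pam_tid.so line not found in $local_file" >&2; return 1; }
    echo "enabled in $local_file"
}

# Run as root with --apply to change the real directory.
if [ "${1:-}" = "--apply" ]; then
    enable_touchid_sudo
fi
```

`touchid_sudo_enabled /etc/pam.d/sudo_local` on its own is a quick audit of whether a given Mac accepts Touch ID in place of the password for sudo.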

To (re)enable the Apple Watch side-button double press for authorization, go to your Mac's System Settings > Touch ID & Password, toggle the switch for your linked Apple Watch off and back on, and type your password.

Note that you need to repeat the Apple Watch step every time your password is changed!
