-
-
Save fraune/0831edc01fa89f46ce43b8bbc3761ac7 to your computer and use it in GitHub Desktop.
| sudo sh -c 'echo "auth sufficient pam_tid.so" > /etc/pam.d/sudo_local' |
If anyone wants to get this running in bash, try changing the read prompt:
read -p "Touch ID is not enabled for sudo. Would you like to enable it now? [y/n]: " response
This only works for some time, If you get updates you have to apply again. Is there a way to make it permanently?
Add the line to /etc/pam.d/sudo_local apparently that file survives software updates.
@andrewcrook Thanks for the info. Next time an update comes, I’ll give this a test and update the original post!
At first, I thought the specific file name was baloney, as usually .*d directories are for stuffing whatever in, but after some searching it checks out. In the Apple Business Release notes for Sonoma (HT213893), it specifically says that changes to /etc/pam.d/sudo_local are persistent and that one can look to /etc/pam.d/sudo_local.template for more info. And lo and behold:
❯ cat /etc/pam.d/sudo_local.template
# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
#auth sufficient pam_tid.so
Thanks again @andrewcrook and @fatso83
I have found success using sudo_local. I will be updating the original post to reflect this.
The revisions of this gist will still reflect the hack used for older versions of macOS.
Great, thanks!