fraune/touch_id_sudo.sh

Last active September 19, 2025 22:02

Star (6) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/fraune/0831edc01fa89f46ce43b8bbc3761ac7.js"></script>
Save fraune/0831edc01fa89f46ce43b8bbc3761ac7 to your computer and use it in GitHub Desktop.

Download ZIP

Let Touch ID authorize the `sudo` terminal command in macOS 14+

Raw

touch_id_sudo.sh

sudo sh -c 'echo "auth sufficient pam_tid.so" > /etc/pam.d/sudo_local'

fatso83 commented Aug 28, 2024

At first, I thought the specific file name was baloney, as usually .*d directories are for stuffing whatever in, but after some searching it checks out. In the Apple Business Release notes for Sonoma (HT213893), it specifically says that changes to /etc/pam.d/sudo_local are persistent and that one can look to /etc/pam.d/sudo_local.template for more info. And lo and behold:

❯ cat /etc/pam.d/sudo_local.template
# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
#auth       sufficient     pam_tid.so

Author

fraune commented Sep 11, 2024

Thanks again @andrewcrook and @fatso83

I have found success using sudo_local. I will be updating the original post to reflect this.

The revisions of this gist will still reflect the hack used for older versions of macOS.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment