Last active
December 20, 2020 16:24
-
-
Save marzvrover/61f09a89134127c6e68d34f0c7bd8a90 to your computer and use it in GitHub Desktop.
A simple tool to add Touch ID to sudo
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Write the new file | |
| awk 'NR==2 {print "auth sufficient pam_tid.so"} 1' /etc/pam.d/sudo > /etc/pam.d/sudo.new | |
| # Make a backup of the current file | |
| cp /etc/pam.d/sudo /etc/pam.d/sudo.bak | |
| # Replace the current file with the new file | |
| mv /etc/pam.d/sudo.new /etc/pam.d/sudo | |
| # If you need to restore the backup and do not have | |
| # access to sudo due to the issue. Reboot into recoveryOS | |
| # Mount your data volume | |
| # Open the terminal and cd to | |
| # /Volumes/<data volume>/private/etc/pam.d | |
| # mv sudo.bak sudo |
One would think by now with macOS 11 Big Sur that wouldn't be needed
One would think Big Sur isn't needed ;-)
I'll bookmark this thread and I'll play with Touch ID and other PAM methods that Big Sur supports on my M1 mini when I'm next out of things to do 💯
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@stemount I haven't. I found speculation that resetting
/etc/pam.d/*files to stock was related to updating from systems without SIP, but SIP was introduced with OS X 10.11 El Capitan. One would think by now with macOS 11 Big Sur that wouldn't be needed. This should be affecting not just TouchID users, but users of SmartCards and other alternative authentication methods.