Persistent Touch ID for sudo on macOS

Did you know you can activate Touch ID (or some other biometric) support to authenticate sudo commands on your command line, in a way that survives operating system updates?

All you need to do is copy and modify a single file:

cd /etc/pam.d
sudo cp sudo_local.template sudo_local
sudo nano sudo_local

And it should look like this when you are done:

# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
auth       sufficient     pam_tid.so
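
To confirm the drop-in is actually wired up (the file exists, the pam_tid.so line is uncommented, and /etc/pam.d/sudo includes sudo_local), here is an added check script; it is not part of the original post, and the fixture files it builds under a temp directory are constructed for demonstration.

```shell
#!/bin/sh
# Added check script (not from the original post). Confirms that the
# sudo_local drop-in described above is in place and active. PAM_DIR is
# the macOS default; every check takes a path so it works on fixtures.

PAM_DIR=/etc/pam.d

# 0 if FILE has an uncommented "auth <control> pam_tid.so" line.
pam_tid_enabled() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+[a-z]+[[:space:]]+pam_tid\.so' "$1"
}

# 0 if FILE (normally /etc/pam.d/sudo) pulls in sudo_local; without
# that include the drop-in is never consulted.
includes_sudo_local() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+include[[:space:]]+sudo_local' "$1"
}

# Print a one-line verdict for the pam.d directory DIR; return 0 only
# when sudo_local exists, pam_tid.so is active, and sudo includes it.
touchid_sudo_status() {
    dir=$1
    if [ ! -f "$dir/sudo_local" ]; then
        echo "sudo_local missing: copy sudo_local.template first"
        return 1
    elif ! pam_tid_enabled "$dir/sudo_local"; then
        echo "sudo_local present but the pam_tid.so line is commented out"
        return 1
    elif ! includes_sudo_local "$dir/sudo" 2>/dev/null; then
        echo "$dir/sudo does not include sudo_local"
        return 1
    fi
    echo "Touch ID for sudo is enabled"
}

# Constructed fixtures (a temp dir laid out like /etc/pam.d) so the
# checks can be exercised on any machine; prints the directory path.
make_fixtures() {
    d=$(mktemp -d)
    printf 'auth       include        sudo_local\n' > "$d/sudo"
    printf '# local config\nauth       sufficient     pam_tid.so\n' > "$d/sudo_local"
    printf '# local config\n#auth       sufficient     pam_tid.so\n' > "$d/sudo_local.off"
    echo "$d"
}

# Check the live system only when run with --host.
if [ "${1:-}" = "--host" ]; then
    touchid_sudo_status "$PAM_DIR"
fi
```

Run it with `--host` on the Mac after editing the file; a non-zero exit tells you which of the three conditions is missing.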

The way I see it, manually typing passwords isn’t just annoying; it’s error-prone, exposes the password to key-logging, and is yet another barrier to productivity. To make software more secure, the most secure option needs to also be the most convenient one by default; this is one of many small steps towards that.

Comments

3 responses to “Persistent Touch ID for sudo on macOS”

  1. You need to `cd /etc/pam.d` before the `cp`. 🙂

    1. Oops! Of course! Fixed, thank you.

  2. Great tip! I wonder why they don’t make this more obvious or even on by default.