For a while, you were able to use Touch ID for sudo on macOS by editing the /etc/pam.d/sudo file to have a line like
auth sufficient pam_tid.so
In previous macOS versions, that file would get overwritten when you updated (say, from 13.6 to 13.6.1), but in macOS 14 (Sonoma) and supposedly in future versions, you can now have that persist by setting up a /etc/pam.d/sudo_local file with these contents (only three lines, even if it wraps):
# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
auth sufficient pam_tid.so
And then making sure the /etc/pam.d/sudo file contains this line:
auth include sudo_local
After that, if you update from macOS 14.1 to 14.1.1 or 14.2 or 14.3, you should still be able to use Touch ID for sudo commands without having to manually edit the /etc/pam.d/sudo file every time.
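The two-file setup above can be checked after each update with a short script. This is an added example, not part of the original post: the function names, the status codes, the directory argument (for dry-running against a copy of /etc/pam.d) and the extra write-permission check are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit (and optionally create) the sudo_local setup from the post.
# Function names, status codes and the directory argument are assumptions of this
# example; the argument lets you dry-run against a copy of /etc/pam.d.

# Succeeds if file $1 has an uncommented PAM line whose first three
# whitespace-separated fields are $2 $3 $4.
has_pam_line() {
    awk -v a="$2" -v b="$3" -v c="$4" '
        $1 ~ /^#/ { next }                      # skip commented-out lines
        $1 == a && $2 == b && $3 == c { found = 1 }
        END { exit(found ? 0 : 1) }' "$1"
}

# Status codes (assumed for this example):
#   0  Touch ID for sudo is active via sudo_local
#   1  sudo_local is missing, or its pam_tid.so line is absent or commented out
#   2  sudo is missing, or lacks the "auth include sudo_local" line
#   3  sudo_local is writable by group or other (PAM config should not be)
check_touchid_sudo() {
    dir="${1:-/etc/pam.d}"
    [ -f "$dir/sudo_local" ] || return 1
    has_pam_line "$dir/sudo_local" auth sufficient pam_tid.so || return 1
    [ -f "$dir/sudo" ] || return 2
    has_pam_line "$dir/sudo" auth include sudo_local || return 2
    [ -z "$(find "$dir/sudo_local" \( -perm -020 -o -perm -002 \))" ] || return 3
    return 0
}

# Creates sudo_local with the three lines from the post. Never overwrites an
# existing file, so local changes are preserved. Needs root on the real directory.
install_sudo_local() {
    dir="${1:-/etc/pam.d}"
    [ -e "$dir/sudo_local" ] && return 0
    printf '%s\n' \
        '# sudo_local: local config file which survives system update and is included for sudo' \
        '# uncomment following line to enable Touch ID for sudo' \
        'auth sufficient pam_tid.so' > "$dir/sudo_local"
    chmod 444 "$dir/sudo_local"
}

# Typical use on the Mac itself, after an OS update:
#   check_touchid_sudo; echo "status: $?"
```

Keep a root shell open in another terminal while changing anything under /etc/pam.d, so a mistake in these files cannot lock you out of sudo.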