Using Touch ID for sudo on macOS… even after installing an OS update

For a while, you were able to use Touch ID for sudo on macOS by editing the /etc/pam.d/sudo file to have a line like

auth sufficient pam_tid.so

In previous macOS versions, that file would get overwritten when you updated (say, from 13.6 to 13.6.1), but in macOS 14 (Sonoma) and supposedly in future versions, you can now have that persist by setting up a /etc/pam.d/sudo_local file with these contents (only three lines, even if it wraps):

# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
auth sufficient pam_tid.so

And then making sure the /etc/pam.d/sudo file contains this line:

auth include sudo_local

After that, if you update from macOS 14.1 to 14.1.1 or 14.2 or 14.3, you should still be able to use Touch ID for sudo commands without having to manually edit the /etc/pam.d/sudo file every time.


Posted

in

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *