Using Touch ID for sudo on macOS… even after installing an OS update

For a while, you were able to use Touch ID for sudo on macOS by editing the /etc/pam.d/sudo file to have a line like

auth sufficient pam_tid.so

In previous macOS versions, that file was overwritten whenever you updated (say, from 13.6 to 13.6.1). In macOS 14 (Sonoma), and supposedly in future versions, you can make the setting persist by creating an /etc/pam.d/sudo_local file with these contents (only three lines, even if they wrap):

# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
auth sufficient pam_tid.so

And then making sure the /etc/pam.d/sudo file contains this line:

auth include sudo_local

After that, if you update from macOS 14.1 to 14.1.1 or 14.2 or 14.3, you should still be able to use Touch ID for sudo commands without having to manually edit the /etc/pam.d/sudo file every time.
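To confirm after an update that the setup described above is still in place, here is a small shell check, added as an example and not part of the original post. It assumes pam_tid.so (the Touch ID PAM module that ships with macOS) is the module on the auth sufficient line; the function names and status words are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): check the sudo_local Touch ID setup.
# Usage after sourcing this file: touchid_sudo_status /etc/pam.d

# True if file $1 has a non-comment line matching extended regex $2.
pam_active_line() {
    sed -e 's/#.*$//' "$1" | grep -Eq "$2"
}

# Prints a one-word status for the pam.d directory in $1; returns 0 only for "ok".
touchid_sudo_status() {
    dir=${1:-/etc/pam.d}
    sp='[[:space:]]'
    if [ ! -r "$dir/sudo" ]; then
        echo "no-sudo-file"; return 1
    fi
    # The stock sudo file must pull in sudo_local, or the local file is never read.
    if ! pam_active_line "$dir/sudo" "^$sp*auth$sp+include$sp+sudo_local($sp|\$)"; then
        echo "missing-include"; return 1
    fi
    if [ ! -r "$dir/sudo_local" ]; then
        echo "missing-sudo_local"; return 1
    fi
    # A commented-out template line leaves Touch ID disabled.
    if ! pam_active_line "$dir/sudo_local" "^$sp*auth$sp+sufficient$sp+pam_tid\.so($sp|\$)"; then
        echo "touchid-line-inactive"; return 1
    fi
    # A PAM file that group or other can write lets non-owners change sudo auth.
    if [ -n "$(find "$dir/sudo_local" \( -perm -020 -o -perm -002 \))" ]; then
        echo "sudo_local-writable-by-non-owner"; return 1
    fi
    echo "ok"
}
```

The check does not look at file ownership or at where the include line sits relative to the other auth lines in /etc/pam.d/sudo.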






