Terminal Secure Keyboard Entry and sudo with Touch ID on macOS

Posted on December 2, 2023 by alanysiu

At one point or another, you may have discovered that you can enable Touch ID for sudo in the macOS terminal. You used to have to manually edit the /etc/pam.d/sudo file after every macOS update to re-enable it, but now you can keep it enabled permanently.

When you have Touch ID enabled for sudo, you get this cool little prompt for your fingerprint when you use a sudo command:

But if you have Secure Keyboard Entry enabled…

… you may notice that the Touch ID prompt shows up but is greyed out…

… and you’ll have to click on it with your mouse in order for Touch ID to work for sudo.

So, if that annoys you, you may want to uncheck Secure Keyboard Entry (either temporarily or permanently).


Using Touch ID for sudo on macOS… even after installing an OS update

Posted on November 8, 2023 by alanysiu

For a while, you were able to use Touch ID for sudo on macOS by editing the /etc/pam.d/sudo file to have a line like

auth sufficient pam_tid.so

In previous macOS versions, that file would get overwritten when you updated (say, from 13.6 to 13.6.1), but in macOS 14 (Sonoma) and supposedly in future versions, you can now have that persist by setting up a /etc/pam.d/sudo_local file with these contents (only three lines, even if it wraps):

# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
auth sufficient pam_tid.so

And then making sure the /etc/pam.d/sudo file contains this line:

auth include sudo_local

After that, if you update from macOS 14.1 to 14.1.1 or 14.2 or 14.3, you should still be able to use Touch ID for sudo commands without having to manually edit the /etc/pam.d/sudo file every time.
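
To check which of these states a Mac is in, the following added example (not code from the original post) reads the two PAM files and reports whether Touch ID for sudo is enabled through sudo_local, enabled only by a direct edit that an update would overwrite, or not active. The function name touchid_sudo_status and its return codes are this example's own conventions.

```shell
#!/bin/sh
# Added example: report how Touch ID for sudo is configured in the PAM files.
# Function names and return codes are this example's own conventions.

# Uncommented "auth sufficient pam_tid.so" line (any amount of whitespace).
TID_RE='^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so'
# Uncommented "auth include sudo_local" line.
INC_RE='^[[:space:]]*auth[[:space:]]+include[[:space:]]+sudo_local'

# has_active_line FILE REGEX: true if FILE is readable and has a matching,
# uncommented line. Lines starting with '#' never match the patterns above.
has_active_line() {
    [ -r "$1" ] && grep -Eq "$2" "$1"
}

# touchid_sudo_status [SUDO_FILE] [SUDO_LOCAL_FILE]
#   0  persistent: sudo includes sudo_local, and sudo_local enables pam_tid.so
#   1  fragile:    pam_tid.so is enabled directly in sudo (lost on OS update)
#   2  inactive:   sudo includes sudo_local, but the pam_tid.so line is
#                  missing or still commented out
#   3  not set up: neither file has an active pam_tid.so line
touchid_sudo_status() {
    sudo_file=${1:-/etc/pam.d/sudo}
    local_file=${2:-/etc/pam.d/sudo_local}

    if has_active_line "$sudo_file" "$INC_RE" &&
       has_active_line "$local_file" "$TID_RE"; then
        echo "persistent: pam_tid.so enabled through $local_file"
        return 0
    elif has_active_line "$sudo_file" "$TID_RE"; then
        echo "fragile: pam_tid.so set directly in $sudo_file"
        return 1
    elif has_active_line "$sudo_file" "$INC_RE"; then
        echo "inactive: $local_file missing or pam_tid.so line commented out"
        return 2
    fi
    echo "not set up: no active pam_tid.so line found"
    return 3
}

# Check the real files when the script is run as: sh script.sh check
if [ "${1:-}" = "check" ]; then
    touchid_sudo_status
    exit $?
fi
```

Both files are world-readable, so the check itself does not need sudo.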