Each day that I wake up I try and figure out if I can do less work than yesterday. With this in mind I was playing around to see if there is a way to save me typing my password each time I sudo. It turns out this is quite a simple change…
Open Terminal and run the following to edit sudo's behaviour:
sudo nano /etc/pam.d/sudo
Next add the following to the top of the file:
auth sufficient pam_tid.so
The only issue with this is that /etc/pam.d/sudo is overwritten on every macOS update (major, minor or patch – it is always overwritten and reset back to its default state).
In their “What’s new for enterprise in macOS Sonoma” document Apple listed the following in the “Bug fixes and other improvements” section:
Touch ID can be allowed for sudo with a configuration that persists across software updates using
So let's create a template file in /etc/pam.d/sudo_local.template:
sudo nano /etc/pam.d/sudo_local.template
Next uncomment the auth line, as per:
# sudo_local: local config file which survives system update and is included fo$
# uncomment following line to enable Touch ID for sudo
auth sufficient pam_tid.so
This should mean that Touch ID now survives system updates!
sudo ls
# exit sudo
sudo -k
sudo ls
To enable Touch ID access in iTerm2, go to Prefs -> Advanced -> Allow sessions to survive logging out and back in and set the value to No. Restart iTerm2 and Touch ID authentication will work in iTerm2.
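To audit which of the files above actually carries an active pam_tid.so line on a given Mac, the following check can be run against /etc/pam.d. It is an added example, not part of the original post, and it assumes the layout in which /etc/pam.d/sudo pulls in sudo_local through an `auth include sudo_local` line; the function names and status labels are made up for this example.

```sh
#!/bin/sh
# Added example: classify how Touch ID for sudo is configured in a pam.d directory.
# Assumption: the stock sudo file references sudo_local via "auth include sudo_local".

# has_tid FILE: succeeds if FILE has an uncommented "auth sufficient pam_tid.so" line.
has_tid() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so' "$1"
}

# includes_local FILE: succeeds if FILE has an active "auth include sudo_local" line.
includes_local() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*auth[[:space:]]+include[[:space:]]+sudo_local([[:space:]]|$)' "$1"
}

# tid_status [DIR]: prints one of
#   persistent      - active line in sudo_local, and sudo includes sudo_local
#   reset-on-update - active line only in sudo itself (lost when sudo is reset)
#   template-only   - active line only in sudo_local.template
#   disabled        - no active pam_tid.so line found
tid_status() {
    dir=${1:-/etc/pam.d}
    if has_tid "$dir/sudo_local" && includes_local "$dir/sudo"; then
        echo persistent
    elif has_tid "$dir/sudo"; then
        echo reset-on-update
    elif has_tid "$dir/sudo_local.template"; then
        echo template-only
    else
        echo disabled
    fi
}

# Demo on constructed files (written to a temp dir, not read from a real system).
demo=$(mktemp -d)
printf 'auth       include        sudo_local\n' > "$demo/sudo"
printf '# uncomment following line to enable Touch ID for sudo\n' > "$demo/sudo_local"
printf 'auth sufficient pam_tid.so\n' >> "$demo/sudo_local"
echo "constructed sample: $(tid_status "$demo")"
rm -rf "$demo"
```

Calling `tid_status` with no argument inspects the live /etc/pam.d; re-running it after a macOS update shows whether the setting survived.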