Touch ID for sudo
Apple devices such as MacBooks and some Apple Magic Keyboards have a Touch ID fingerprint scanner that can authenticate a user with the touch of a finger. By default, this functionality isn't available when using sudo to run commands: you have to enter your password every time you run commands with high privileges.
We can enable Touch ID for sudo with a simple config change. This will allow you to authenticate with sudo using Touch ID, including authentication with Apple Watch, without entering your password.
DisplayLink - Known Issue
As of the writing of this article, the DisplayLink driver will prevent the use of Touch ID for sudo when using a DisplayLink device. It will work when the DisplayLink device isn't connected. This is a known issue.
Enable Touch ID for sudo
Open the file /etc/pam.d/sudo in a text editor with sudo privileges. In the next example we will use the nano editor.
sudo nano /etc/pam.d/sudo
Add this line at the top of the config file:
auth sufficient pam_tid.so
Your config should look like this:
Save and Exit.
You can test your Touch ID prompt in the terminal by opening a new session and running:
sudo -l
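PAM evaluates auth rules from top to bottom, which is why the new line goes at the top of the file. The following check is an added example, not part of the original article: the helper name check_tid_pam is hypothetical and the sample stack is constructed. It reports whether pam_tid.so is the first auth rule and carries the sufficient control flag.

```shell
#!/bin/sh
# Added example: verify where pam_tid.so sits in a PAM auth stack.
# check_tid_pam is a hypothetical helper name, not a system tool.
# Assumes simple one-word control flags (no "[success=...]" bracket syntax).

# Prints a one-word verdict and returns:
#   0 ok        - first auth rule is "auth sufficient pam_tid.so"
#   1 misplaced - pam_tid.so is present but another auth rule runs first
#   2 missing   - no active pam_tid.so auth rule (commented lines do not count)
#   3 wrongflag - pam_tid.so is first but its control flag is not "sufficient"
#   4           - the file could not be read
check_tid_pam() {
    verdict=$(awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        $1 == "auth" {
            n++                                 # position within the auth stack
            if ($3 == "pam_tid.so" && !pos) { pos = n; flag = $2 }
        }
        END {
            if (!pos)                      print "missing"
            else if (pos > 1)              print "misplaced"
            else if (flag != "sufficient") print "wrongflag"
            else                           print "ok"
        }' "$1") || return 4
    echo "$verdict"
    case $verdict in
        ok) return 0 ;; misplaced) return 1 ;;
        missing) return 2 ;; *) return 3 ;;
    esac
}

# Constructed sample stack for illustration (not copied from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sudo: auth account password session
auth       sufficient     pam_tid.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
EOF
check_tid_pam "$sample"     # prints: ok
rm -f "$sample"
```

To check the real configuration, pass /etc/pam.d/sudo as the argument instead of the sample file.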
Enable Touch ID Support in iTerm2
In order to enable Touch ID support in iTerm2, you need to complete the above section and then follow the steps below:
Go to iTerm2 -> Preferences -> Advanced and search for:
Allow session to survive
Change "Allow session to survive logging out and back in." to "No".
You can test your Touch ID prompt in iTerm2 by opening a new session and running:
sudo -l