Authors: fire1ce | Created: 2022-06-19 | Last update: 2024-02-26

TouchID for sudo

Apple devices such as MacBooks and some Apple Magic Keyboards have a fingerprint (Touch ID) scanner that can authenticate a user with the touch of a finger. By default this isn't available when using sudo, so you have to enter your password every time you run a command with elevated privileges.

We can enable Touch ID for sudo with a simple config change. After the change, sudo accepts Touch ID instead of your password, and this includes authentication with Apple Watch.

Display Link - Known Issue

As of the writing of this article, the Display Link driver will prevent the use of Touch ID for sudo while a Display Link device is connected. It will work when the Display Link device isn't connected. This is a known issue.

Enable TouchID for sudo

Open the file /etc/pam.d/sudo in a text editor with sudo privileges. The following example uses the nano editor.

sudo nano /etc/pam.d/sudo

Add this line at the top of the config file:

auth       sufficient     pam_tid.so

Your config should look like this:

[Screenshot: sudo config]

Save and Exit.

You can test your TouchID prompt in the terminal by opening a new session and running:

sudo -l
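The manual edit above as a repeatable script, added here as an example and not part of the original article: it keeps a backup, places the pam_tid.so line ahead of the first existing rule, and verifies the result. The function names and the sample file are constructed for illustration; the script takes a file path so it can be tried on a copy before being run as root against /etc/pam.d/sudo.

```shell
#!/bin/sh
# Added example: make pam_tid.so the first rule of a PAM file, idempotently.
# Takes a file path so it can be tried on a copy before /etc/pam.d/sudo.

TID_LINE='auth       sufficient     pam_tid.so'

# Succeeds only if the first non-comment, non-blank line is the pam_tid.so rule.
tid_is_first_rule() {
    awk '/^[ \t]*(#|$)/ { next }
         { ok = ($1 == "auth" && $2 == "sufficient" && $3 == "pam_tid.so"); exit }
         END { exit !ok }' "$1"
}

# Insert the rule ahead of the first existing rule; keep the original as FILE.bak.
enable_tid() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    tid_is_first_rule "$file" && return 0      # already in place: change nothing
    tmp=$(mktemp) || return 1
    # Drop a misplaced pam_tid.so rule if present, then emit ours first.
    awk -v line="$TID_LINE" '
        /^[ \t]*auth[ \t].*pam_tid\.so/ { next }
        !done && $0 !~ /^[ \t]*(#|$)/ { print line; done = 1 }
        { print }
        END { if (!done) print line }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cp -p "$file" "$file.bak" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rm -f "$tmp"
    tid_is_first_rule "$file"
}

# Constructed sample PAM file for a dry run (not copied from a real system).
make_sample() {
    printf '%s\n' '# sudo: auth account password session' \
        'auth       required       pam_opendirectory.so' \
        'account    required       pam_permit.so' > "$1"
}

# Dry run on a throwaway copy: prints the file as it would look after the edit.
demo=$(mktemp) && make_sample "$demo" && enable_tid "$demo" && cat "$demo"
rm -f "$demo" "$demo.bak"
```

When changing the live file, keep a root shell open in a second terminal until sudo -l succeeds, so the .bak copy can be restored if the PAM config is broken.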

Enable TouchID Support in iTerm2

In order to enable TouchID support in iTerm2, you need to complete the above section and then follow the steps below:

Go to iTerm2 -> Preferences -> Advanced and search for:

Allow session to survive

Change "Allow session to survive logging out and back in." to No.

[Screenshot: iterm2 config]

You can test your TouchID prompt in iTerm2 by opening a new session and running:

sudo -l