
Enabling TouchID for sudo (terminal)


penguintopia
(@penguintopia)
New Member
Joined: 5 years ago
Posts: 2
Topic starter  

In Mac Geek Gab 894 a proposed method to enable Touch ID was discussed. I've looked it over, and the proposed method is extremely dangerous because it overwrites /etc/pam.d/sudo with something that is not guaranteed to be correct in future versions. If Apple makes a change, you could potentially make it impossible to sudo by any means!

Instead, it’s better to use something not as ‘cool’ (i.e. a single line in crontab). The solution is as follows:

Create /usr/local/bin/update_sudo_tid.sh with the following shell script:

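#!/bin/bash
# Add the pam_tid.so line to /etc/pam.d/sudo unless it is already there.
if grep -q 'pam_tid\.so' /etc/pam.d/sudo
then
     echo "TouchID already enabled"
else
     # BSD sed (macOS): append the line after line 1 of the file.
     sed -i '' '1 a\
auth sufficient pam_tid.so\
' /etc/pam.d/sudo
     echo "Enabling TouchID for sudo"
fi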

That will add the Touch ID line following the comment (technically, following the first line). Make the shell script executable:

chmod +x /usr/local/bin/update_sudo_tid.sh

Then add the following to crontab with crontab -e:

@reboot /usr/local/bin/update_sudo_tid.sh

This will preserve any changes Apple makes.

-Stephen
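
Added example, not part of the original post: the same insert-after-line-1 edit written as a function that takes the file path, so it can be exercised on a copy, only treats an active `auth ... pam_tid.so` line as "already enabled", and keeps a backup before writing. The function name `enable_tid`, the `.bak` suffix and the sample file contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the post. PAM_LINE is the line the post adds;
# enable_tid and the .bak suffix are names assumed for this example.
PAM_LINE='auth sufficient pam_tid.so'

# enable_tid FILE: returns 0 = line added, 1 = already present, 2 = error.
enable_tid() {
    file=$1
    [ -f "$file" ] && [ -w "$file" ] || { echo "cannot write $file" >&2; return 2; }

    # Only an active auth line counts; a comment mentioning pam_tid does not.
    if grep -Eq '^[[:space:]]*auth[[:space:]]+[^#]*pam_tid\.so' "$file"; then
        return 1
    fi

    tmp=$(mktemp "${TMPDIR:-/tmp}/sudo_tid.XXXXXX") || return 2
    # Insert after line 1 (the header comment); all other lines pass through.
    awk -v line="$PAM_LINE" '{ print } NR == 1 { print line }' "$file" > "$tmp" ||
        { rm -f "$tmp"; return 2; }

    # Refuse to install anything but "original plus exactly one line".
    old=$(awk 'END { print NR }' "$file")
    new=$(awk 'END { print NR }' "$tmp")
    if [ "$new" -ne $((old + 1)) ] || ! grep -Fxq "$PAM_LINE" "$tmp"; then
        rm -f "$tmp"; return 2
    fi

    # Keep a copy, then write through the existing inode so owner/mode stay.
    cp -p "$file" "$file.bak" || { rm -f "$tmp"; return 2; }
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
    return 0
}

# Demo on a constructed sample file, never the live /etc/pam.d/sudo.
demo=$(mktemp -d "${TMPDIR:-/tmp}/tid_demo.XXXXXX")
printf '%s\n' '# sudo: auth account password session' \
    'auth       sufficient     pam_smartcard.so' \
    'auth       required       pam_opendirectory.so' > "$demo/sudo"
rc=0; enable_tid "$demo/sudo" || rc=$?; echo "first run:  $rc"
rc=0; enable_tid "$demo/sudo" || rc=$?; echo "second run: $rc"
cat "$demo/sudo"
rm -rf "$demo"
```

An empty or unreadable file yields status 2 and is left untouched, so a changed or missing PAM file is never overwritten blindly.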

 


penguintopia
(@penguintopia)
New Member
Joined: 5 years ago
Posts: 2
Topic starter  
Posted by: @penguintopia

 

@reboot /usr/local/bin/update_sudo_tid.sh

Of course, this should be 'sudo @reboot /usr/local/bin/update_sudo_tid.sh' so that it runs as root! Sorry about that!

