Enabling TouchID for sudo (terminal)
In Mac Geek Gab 894 a proposed method to enable Touch ID was discussed. I've looked it over, and the proposed method is extremely dangerous because it overwrites /etc/pam.d/sudo with something that is not guaranteed to be correct in future versions. If Apple makes a change, you could potentially make it impossible to sudo by any means!
Instead, it’s better to use something not as ‘cool’ (i.e. a single line in crontab). The solution is as follows:
Create /usr/local/bin/update_sudo_tid.sh with the following shell script:
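#!/bin/bash
# Add the pam_tid.so line to /etc/pam.d/sudo unless it is already there.
if grep -q tid /etc/pam.d/sudo
then
  echo "TouchID already enabled"
else
  # BSD sed: append the auth line after line 1 of the file.
  sed -i '' '1 a\
auth       sufficient     pam_tid.so\
' /etc/pam.d/sudo
  echo "Enabling TouchID for sudo"
fi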
That will add the Touch ID line following the comment (technically, following the first line). Make the shell script executable:
chmod +x /usr/local/bin/update_sudo_tid.sh
Then add the following to crontab with crontab -e:
This will preserve any changes Apple makes.
Of course, this should be 'sudo @reboot /usr/local/bin/update_sudo_tid.sh' so that it runs as root! Sorry about that!
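An added example, not part of the original post: a variant of the same insert-after-line-1 idea that goes a step further by ignoring commented-out pam_tid.so lines, checking the new file before it replaces the old one, and keeping a backup, so a bad edit cannot leave sudo unusable. The function name `enable_tid`, the optional file argument, and the `.new`/`.bak` suffixes are assumptions made for this sketch.

```shell
#!/bin/bash
# Added example (not the poster's script). enable_tid and its optional
# path argument are assumptions, so it can be tried on a copy first.
enable_tid() {
  local pam_file="${1:-/etc/pam.d/sudo}"
  local tmp="${pam_file}.new.$$"
  local line='auth       sufficient     pam_tid.so'
  # Only an active (uncommented) auth line counts as already enabled.
  if grep -Eq '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so' "$pam_file"; then
    echo "TouchID already enabled"
    return 0
  fi
  # Start from a copy so the new file keeps the original owner and mode.
  cp -p "$pam_file" "$tmp" || return 1
  # Insert after line 1, leaving every existing line untouched.
  awk -v l="$line" 'NR == 1 { print; print l; next } { print }' \
    "$pam_file" > "$tmp" || { rm -f "$tmp"; return 1; }
  # Validate: line 2 is the new entry, and removing it gives back the original.
  if [ "$(sed -n 2p "$tmp")" != "$line" ] ||
     ! awk 'NR != 2' "$tmp" | cmp -s - "$pam_file"; then
    echo "Refusing to replace $pam_file: unexpected result" >&2
    rm -f "$tmp"
    return 1
  fi
  # Keep a rollback copy, then swap the file in with a single rename.
  cp -p "$pam_file" "${pam_file}.bak" || { rm -f "$tmp"; return 1; }
  mv -f "$tmp" "$pam_file" || { rm -f "$tmp"; return 1; }
  echo "Enabling TouchID for sudo"
}

# Acts only when a path is given, e.g. a copy of /etc/pam.d/sudo.
if [ "$#" -gt 0 ]; then
  enable_tid "$1"
fi
```

Run it against a copy of the file first; on the real /etc/pam.d/sudo it needs root, and the `.bak` copy next to it is the rollback.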