PHPnews.io

Add TouchID authentication to sudo

Written by Rob Allen / Original link on Nov. 17, 2021

Now that I have a TouchID-enabled Mac, I want to be able to use TouchID for sudo access.

There's a pam module available, so it just needs enabling:

That's it. Now, whenever you use sudo, you have the option of using TouchID to authenticate.


Scripting it

It turns out that whenever there's an OS update, /etc/pam.d/sudo is reset, so you need to re-add the line. Hence, I wrote a script called /usr/local/bin/enable-touch-id:

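#!/usr/bin/env bash

set -e

# grep exits 0 when a pam_tid line is present, 1 when it is absent,
# and with a higher status when the file could not be read.
case $(grep -F "pam_tid" /etc/pam.d/sudo >/dev/null; echo $?) in
  0)
    echo "TouchID unlock already in place"
    exit 0
    ;;
  1)
    # BSD sed: append the pam_tid rule after line 1 of the file
    sudo sed -i '' '1a\
auth       sufficient     pam_tid.so
    ' /etc/pam.d/sudo

    echo "TouchID unlock enabled"
    ;;
  *)
    # Report the failure on stderr and exit non-zero so callers notice it
    echo "Error trying to read /etc/pam.d/sudo" >&2
    exit 1
    ;;
esac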

Don't forget to enable execute permissions with chmod a+x /usr/local/bin/enable-touch-id and then you can simply run it after every OS update.
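
After an OS update it helps to confirm that the rule is active and not merely present as text. The following is an added example, not part of the original post: a stricter check that ignores commented-out lines and reports when pam_tid.so sits behind a required auth rule. The function name pam_tid_status and the sample file contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report whether a sudo PAM file has an effective pam_tid.so rule.
# pam_tid_status is a hypothetical helper name. Assumes single-keyword control
# values (sufficient, required, ...) as in the line the script above inserts.

# Prints enabled | missing | unexpected-control | after-required | unreadable.
# Returns 0 only for "enabled", 2 when the file cannot be read, 1 otherwise.
pam_tid_status() {
  local file status
  file="${1:-/etc/pam.d/sudo}"
  [ -r "$file" ] || { echo "unreadable"; return 2; }
  status=$(awk '
    /^[ \t]*#/ || NF == 0 { next }   # comments and blank lines are not rules
    $1 != "auth"          { next }   # only the auth stack decides the prompt
    $3 == "pam_tid.so" && !seen { seen = 1; ctl = $2; late = blocking }
    $2 == "required" || $2 == "requisite" { blocking = 1 }
    END {
      if (!seen)                    print "missing"
      else if (ctl != "sufficient") print "unexpected-control"
      else if (late)                print "after-required"
      else                          print "enabled"
    }
  ' "$file")
  echo "$status"
  [ "$status" = "enabled" ]
}

# Constructed sample: pam_tid.so appears only in a comment, which a plain
# grep -F "pam_tid" would still match.
sample=$(mktemp)
printf '%s\n' \
  '# sudo: auth account password session' \
  '#auth       sufficient     pam_tid.so' \
  'auth       required       pam_opendirectory.so' > "$sample"
pam_tid_status "$sample" || true   # prints: missing
rm -f "$sample"
```

Called with no argument, pam_tid_status reads /etc/pam.d/sudo, so its exit status can decide whether enable-touch-id needs to run again.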
