Stop asking for my password dude!
- Til
- May 2, 2023
It’s been a while since I discovered the ability to use Touch ID to authenticate sudo commands on my Mac.
The idea is simple: instead of typing your password every time you need to run a command as a superuser, you can use your fingerprint to authenticate.
There are some security concerns about using the Touch ID in general (e.g. someone can force you to unlock your Mac with your fingerprint or gather your fingerprints from a glass… or furniture), but I think it’s a good trade-off between security and convenience.
Moreover, if you use it anyway it should not be a big deal.
So how to enable it?
It’s pretty simple. You just need to edit (as the superuser) the /etc/pam.d/sudo file:
# Make a backup of the file first
$ sudo cp /etc/pam.d/sudo ~/etc/pam/sudo.bak
# Edit the file
$ sudo vim /etc/pam.d/sudo
and add auth sufficient pam_tid.so at the top of the file. It should look like this:
auth sufficient pam_tid.so
auth sufficient pam_smartcard.so
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Then make sure that your changes have been saved, and you exit the editor.
Once you’ve done that, you can test it by running any sudo command (the best way to do it is to open a new terminal window).
Why I’m writing about it?
The problem is that every time you update your Mac, the /etc/pam.d/sudo file is overwritten and you need to edit it again.
It’s not a big deal, but it’s annoying.
What I have learned?
Nothing new, or maybe not much.. technically, however:
- First - I wrote this post for myself, so I can find it easily and do it quickly.
- Second - This typing helps me to remember it (so hopefully today I did a step to remember it better).
P.S. I hope that this short “article” will help someone else, and I promise to add some automation follow-up in the next post.
P.P.S. You can find more information about other awesome macOS command line features below:
BTW Thanks to NetworkChuck for this video!
