How to Use Touch ID to Authenticate sudo on Mac OS

How to Use Touch ID to Authenticate sudo on Mac OS

If you have a Touch Bar equipped MacBook Pro and youre a frequent command line user, you may appreciate a trick that allows you to use Touch ID to authenticate sudo and su, rather than like some kind of digital neanderthal.

One notable problem (or trade-off) is that if you with this enabled, you wont be able to use sudo since Touch ID will not transmit. There are mixed reports that may be changed in beta versions of High Sierra however. Anyway, if youre an advanced Mac user with a Touch Bar and Touch ID equipped Mac, heres how you can enable Touch ID support for sudo authentication.

This is really not going to be applicable to novice users or those who dont spend a significant amount of time at the command line authenticating with sudo, and because this involves editing a system file its a good idea to backup your Mac before beginning this process. Back up your Mac before beginning. From the Terminal (of course), youll want to edit /etc/pam.d/sudo by adding a new line to it.

For our purposes here well use nano but youre free to use vim or emacs, or even a GUI app if youre so inclined. Now youre ready to go, Touch ID will now authenticate sudo rather than having to enter a password at the command line. And yes of course you can still use your password too. Note that some users report needing to reboot or refresh their shell to get this to work. Now the next time you run sudo or su to or run commands as root, youre able to authenticate by placing a finger onto Touch ID.

This is undeniably useful for Mac users with Touch ID machines, enough so that it should probably be a dedicated settings option somewhere rather than a command line modification. Another helpful trick is to , which in this case would mean extending the timeout before having to authenticate with Touch ID again. This tip comes to us from on Twitter where it has gained some popularity and was the first Id heard of it, but its worth mentioning that using sudo with Touch ID had been discussed before by on Github and on the web through various methods.

For those Mac users with Touch ID equipped machines and who spend a lot of time in the Terminal, this may appeal to you, so try it out! Oh and if you want to reverse this change, simply remove the auth sufficient pam_tid.so line from /etc/pam.d/sudo again.