Using TouchID with Sudo in Terminal or iTerm

Warning!

This was written over two years ago, so some information might be outdated. Frameworks and best practices change. The web moves fast! You may need to adjust a few things if you follow this article word for word.

Now that I've got a mac with TouchID, I rarely use my password. It's incredible how convenient that little button is. One place I found myself still typing my password was running sudo commands in the terminal.

Here's how you can use TouchID with the terminal too!

Enabling TouchID with Sudo

First, open the /etc/pam.d/sudo in an editor with admin permissions. I had to use sudo to do this with the following command:

Copied!

1sudo code /etc/pam.d/sudo

sudo code /etc/pam.d/sudo1sudo code /etc/pam.d/sudo

sudo code /etc/pam.d/sudo

Add auth sufficient pam_tid.so to the file, here's what mine looks like now:
(I only added the line with pam_tid.so on it.)

Copied!

1# sudo: auth account password session
2auth       sufficient     pam_tid.so
3auth       sufficient     pam_smartcard.so
4auth       required       pam_opendirectory.so
5account    required       pam_permit.so
6password   required       pam_deny.so
7session    required       pam_permit.so

# sudo: auth account password session
auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so1# sudo: auth account password session
2auth       sufficient     pam_tid.so
3auth       sufficient     pam_smartcard.so
4auth       required       pam_opendirectory.so
5account    required       pam_permit.so
6password   required       pam_deny.so
7session    required       pam_permit.so

# sudo: auth account password session
auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

iTerm Support

iTerm has an advanced option that you also need to set for this to work properly. Go to
Preferences ⇒ Advanced ⇒ Allow sessions to survive after logging out and back in

Change this setting to No.
Allow Sessions to survive

Restart iTerm and try it out!

TouchID Sudo with iTerm

Enjoy this article? Follow me on Twitter for more tips, articles and links.

LIKES

MENTIONS

Older

« Setting Up an M1 Mac for Laravel Development with Homebrew, PHP, MySQL, Valet and Redis

Newer

Creating a Statamic Code Demo Component »

Using TouchID with Sudo in Terminal or iTerm

Enabling TouchID with Sudo

iTerm Support

Join the Newsletter ❤️