Terminal with Touch ID

If you’re familiar with the Terminal, you’ll know that familiarity with the sudo command is essential.

For those who aren’t familiar with sudo, the command tells the system to run any commands following it with administrative privileges.

An example use case is the ability to edit files that would normally block you from doing so.

Because this command can completely break your system if misused, it requires authentication before doing anything.

This command typically requires an admin password, but a simple modification to a specific file allows for authentication using Touch ID.

Using your fingerprint can simplify the authentication process without compromising your system security.

NOTE: Only change the file as instructed. Editing this file has the potential to break the sudo command, leaving you without the most common method of administering your system through the terminal.

Enabling Touch ID

To get started, open your terminal and enter the following command:

sudo nano /etc/pam.d/sudo

The file’s default contents should look something like this:

# sudo: auth account password session
auth       include        sudo_local
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

To enable Touch ID authentication when running sudo commands, simply insert the following line below the second one:

auth       sufficient     pam_tid.so

The contents of the file should now look something like this:

# sudo: auth account password session
auth       include        sudo_local
auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

To verify that everything is working, open a new tab in your terminal and execute the previous command, or any command that requires sudo.

The system should ask for your Touch ID instead of your admin password.

Prompt for Touch ID
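
Because a malformed /etc/pam.d/sudo can break sudo, the edit can be rehearsed on a copy first. The shell script below is an added example, not part of the original article: patch_tid and check_tid are hypothetical helper names, the sample is the default file shown above, and inserting above the first non-include auth line is an assumption that reproduces the article's layout.

```shell
#!/bin/sh
# Added example (not from the article): patch a copy of the sudo PAM file and
# validate it before it replaces /etc/pam.d/sudo.
TID_LINE='auth       sufficient     pam_tid.so'

# Print file $1 with TID_LINE inserted above the first auth line that is not
# an "include" (an assumption; on the default file this is the slot the
# article uses). A file that already has a pam_tid.so auth line is unchanged.
patch_tid() {
    awk -v tid="$TID_LINE" '
        { line[NR] = $0 }
        $1 == "auth" && $3 == "pam_tid.so" { have = 1 }
        $1 == "auth" && $2 != "include" && !slot { slot = NR }
        END {
            for (i = 1; i <= NR; i++) {
                if (i == slot && !have) print tid
                print line[i]
            }
        }' "$1"
}

# Succeed only if file $1 has exactly one pam_tid.so auth line, marked
# "sufficient", placed above the required pam_opendirectory.so line.
check_tid() {
    awk '
        $1 != "auth" { next }
        $3 == "pam_tid.so" { n++; if ($2 != "sufficient" || od) bad = 1 }
        $3 == "pam_opendirectory.so" { od = 1 }
        END { exit !(n == 1 && od && !bad) }' "$1"
}

# Constructed sample: the default contents shown in the article.
SAMPLE=$(mktemp) && PATCHED=$(mktemp) || exit 1
cat > "$SAMPLE" <<'EOF'
# sudo: auth account password session
auth       include        sudo_local
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so
EOF

patch_tid "$SAMPLE" > "$PATCHED"
if check_tid "$PATCHED"; then echo "patched copy is valid"; fi
diff "$SAMPLE" "$PATCHED" || true   # shows only the added pam_tid.so line
```

check_tid rejects a pam_tid.so line placed below pam_opendirectory.so because the required password module would then prompt before Touch ID is tried.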

Conclusion

I hope this article provided you with what you were looking for. If you have any feedback, please leave a comment.

Credits

  • Apple – Parts of the Featured Image.