🕰️ logged on 2023.05.17
🔖 tagged: apple, macos, sudo, terminal, touch-id
Important
This used to be done by editing the file /etc/pam.d/sudo, but this file gets reset to default after changes such as security updates. Use the file /etc/pam.d/sudo_local instead!
Tip
Check out the Ansible template file here and the Ansible task here to automate this with Ansible! 🤙
I was recently handed a new company MacBook with device management policies. A strong password policy is enforced on the machine (as it should be). However, this is quite the hassle with sudo (spare my fingers plzzzz), so I needed a method to authorize sudo commands with Touch ID. Luckily this was really straightforward by following the steps below.
- Create a file called sudo_local.j2 in /etc/pam.d
- Ensure the file has the following line:
  auth sufficient pam_tid.so
- Restart your terminal
- Done
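
One way to script these steps so they are safe to re-run, as an added example that is not part of the original post or its Ansible files. It targets the /etc/pam.d/sudo_local path from the note at the top, ignores commented-out copies of the rule, and checks that the file is not writable by non-root users; the script name and function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent Touch ID rule for sudo.
# Usage: sudo sh touchid_sudo.sh /etc/pam.d/sudo_local
# (touchid_sudo.sh is a hypothetical name; the path is the one the page recommends)

PAM_LINE='auth sufficient pam_tid.so'

# True when FILE contains an active (uncommented) pam_tid.so auth rule.
has_touch_id() {
    [ -f "$1" ] || return 1
    grep -Eq '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so([[:space:]]|$)' "$1"
}

# True when FILE exists and is not writable by group or others. A PAM file
# that a non-root user can edit lets that user change how sudo authenticates.
is_locked_down() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Append the rule only if it is missing, then tighten ownership and mode.
ensure_touch_id() {
    file=$1
    if ! has_touch_id "$file"; then
        printf '%s\n' "$PAM_LINE" >> "$file" || return 1
    fi
    if [ "$(id -u)" -eq 0 ]; then
        chown 0:0 "$file" || return 1   # uid 0 / gid 0 is root:wheel on macOS
    fi
    chmod 644 "$file"
}

# Act only when a target path is given, so sourcing this file has no side effects.
if [ -n "${1:-}" ]; then
    if ensure_touch_id "$1" && has_touch_id "$1" && is_locked_down "$1"; then
        echo "Touch ID rule active in $1"
    else
        echo "failed to configure $1" >&2
        exit 1
    fi
fi
```

Because the rule is `sufficient`, a successful Touch ID match alone authorizes sudo, and the password prompt remains as the fallback when Touch ID fails or is unavailable.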