Skip to content
A pluggable authentication module that reattaches to the user's GUI (Aqua) session on macOS (for Touch ID support in tmux)
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
include feat: Add utility to reattach from command line Oct 31, 2018

pam_reattach Build Status

This is a PAM module for reattaching to the authenticating user's per-session bootstrap namespace on macOS (See TN2083 about bootstrap namespace). This allows users to make use of the pam_tid module (Touch ID) from within tmux.


This module should be invoked before the module that you want to put in the authenticating user's per-session bootstrap namespace. The module runs in the authentication phase and should be marked as either optional or required (I suggest using optional to prevent getting locked out in case of bugs)

Modify the targeted service in /etc/pam.d/ (such as /etc/pam.d/sudo) as explained:

auth     optional
auth     sufficient

Make sure you have the module installed. For further information, see reattach_aqua(3), pam_reattach(8) and reattach-to-session-namespace(8).


The module is built using CMake. Enter the following commands into your command prompt in the directory in which you intend to build the module:

$ make
$ make install


Make sure you keep the generated install_manifest.txt file in the build folder after installation. Run the following command in your command prompt to remove the installation from your system:

$ xargs rm < install_manifest.txt

In case you lost install_manifest.txt, this is a list of files that are installed:


Enabling Touch ID authorization for sudo

To enable Touch ID authorization for sudo, please see this article.

Additional Tools

Additionally, one can build a reattach-to-session-namespace command line utility by specifying the -DENABLE_CLI=ON option when calling CMake.

This command allows you to reattach to the user's session namespace from the command line. See reattach-to-session-namespace(8)


The code is released under the MIT license. See LICENSE.txt.

You can’t perform that action at this time.