/pam_touchid

A PAM module for authentication with Touch ID
  1. Objective-C 100.0%
Switch branches/tags
Nothing to show
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
pam_touchid.xcodeproj Initial Commit Nov 20, 2016
pam_touchid Initial Commit Nov 20, 2016
LICENSE Added license Nov 20, 2016
README.md Corrected typo Nov 20, 2016
screenshot.png Initial Commit Nov 20, 2016

README.md

A PAM module for authentication with Touch ID.
alt

The module takes an optional parameter: "reason".
Its value will be shown in the dialog presented to the user.
If the argument is omitted, generic text is used.

Warning:
Do not procede unless you're 1,000,000% sure what you're doing.
If you're only 999,999% sure, then turn back now.

Installation

  1. Build the project
  2. Copy pam_touchid.so.2 to /usr/local/lib/pam/ and set:
    • Permissions: 444
    • Owner: root
    • Group: wheel

Configuring sudo to use it

  1. Open up/etc/pam.d/sudo in your favourite text editor
  2. Add auth sufficient pam_touchid.so reason="execute a command as another user" to the top of the file

The procedure is pretty much the same for any other process, but you'd edit a different config file and probably change the reason too.

If you get locked out of sudo

  1. Feel bad that you lied about being 1,000,000% sure what you're doing
  2. Enable the root user through system preferences and use su to put the config file back