This directory contains two subdirectories: touchid and watchid, each with their own PAM plugins for authentication using biometric information on macOS for sudo and su.
TL;DR: Build and install both plugins with the following commands:
./install.sh all——— or ———
make all sudo make install sudo make install_pam
To build both plugins (touchid and watchid) at once, follow these steps:
-
Run the following command:
$ make allThis command will build the PAM plugins in both subdirectories simultaneously.
-
Run the following command:
$ sudo make installThis command will install the PAM plugins in both subdirectories simultaneously, i.e. copy them to
/usr/local/lib/pam. -
Run the following command:
$ sudo make install_pamThis command will add the necessary PAM configuration to
/etc/pam.d/sudoand/etc/pam.d/suto enable the PAM plugins in both subdirectories simultaneously.
To build a single plugin, append the name of the plugin to the make commands above.
./install.sh touchid——— or ———
make touchid
sudo make install_touchid
sudo make install_pam_touchid./install.sh watchid——— or ———
make watchid
sudo make install_watchid
sudo make install_pam_watchidTo uninstall a plugin, remove the corresponding PAM configuration from /etc/pam.d/sudo and /etc/pam.d/su (e.g. via sudo -e /etc/pam.d/su[do]), and remove the .so plugin from /usr/local/lib/pam.
This can be done automatically by running the following command:
./uninstall.sh [all|touchid|watchid]This repository contains these two PAM plugins for macOS:
A PAM plugin for authenticating using biometric information (Touch ID) written in Swift.
Based on Reflejo/pam-touchID.
A PAM plugin for authenticating using the new kLAPolicyDeviceOwnerAuthenticationWithBiometricsOrWatch API in macOS 10.15, written in Swift.
Based on biscuitehh/pam-watchid.