A simpler method for using Touch ID with `sudo` #27

raylas · 2017-11-17T17:56:04Z

On Touch ID enabled MacBook Pros add the following line to the top of /etc/pam.d/sudo:

auth sufficient pam_tid.so

Not sure how new/recent this is capability is, but I thought it might be of interest to this repo.

The text was updated successfully, but these errors were encountered:

serverwentdown · 2017-11-20T11:52:14Z

wow gonna switch to this tonight.

serverwentdown · 2017-11-20T14:27:39Z

wow yes it does the trick! amazing.

tomlobato · 2017-11-28T22:52:55Z

amazing!

the next level is to have remote ssh touch id support :)
ssh me@mysrv
me@mysrv $ sudo su <-- touch
root@mysrv #

noomorph · 2017-11-29T06:35:49Z

It is a clear winner method. Kudos to @raylas !

raylas · 2017-11-29T19:26:53Z

Glad to shed some light on it. I've used sudo-touchid for a while now and I'm still thankful for the work this repo has done!

Now to tackle Touch ID for ssh private key auth like @tomlobato mentioned...

raylas · 2017-12-06T19:04:18Z

@tomlobato found this repo/agent that allows you to use Touch ID and a key stored in the secure enclave to authenticate to SSH servers:

tomlobato · 2017-12-06T19:17:50Z

Awesome. Tks @raylas!

hu13 · 2018-10-24T20:46:34Z

is there a way to make it work for su?

auth sufficient pam_tid.so doesn't.

raylas closed this as completed Nov 29, 2017

Provide feedback