Camilo Martinez

Posted on Oct 8, 2019 • Edited on Feb 7

How to use MacOS's Touch ID on Terminal

#macos #productivity #hacks

I know... use a fingerprint scanner and never come back. No need to write passwords, pins or patterns. But on the terminal when we use the magic word sudo ask for your password... yuck!!!

Don't worry. It can be solved easily because with macOS Sonoma, there is now a supported option to enable Touch ID for sudo:



sudo cp /etc/pam.d/sudo_local.template /etc/pam.d/sudo_local
sudo nano /etc/pam.d/sudo_local

Uncoment the last line of the file by removing the # from the start of the line.



# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
auth       sufficient     pam_tid.so

Save changes with ctrl+x and overwritte the file.

Extra

On the default terminal works like a charm, but on iTerm2 needs an extra configuration. Go to Prefs -> Advanced -> Allow sessions to survive logging out and back in and set the value to no.

Restart and enjoy it.

That's All Folks!
Happy Coding 🖖

Top comments (20)

kychanbi • Jul 25 '22 • Edited

There is an extra step needed for some guys using display docks.
I followed the above steps, but got GUI password prompt instead of touchID

After I ran this. It works prefect now.
defaults write com.apple.security.authorization ignoreArd -bool TRUE

source: apple.stackexchange.com/questions/...

Elvis McNeely • Dec 5 '22

Thanks! After applying this (and the instructions from the author) I started to get the biometric password prompt.

Diego • Jun 10 '22

Awesome. Works!

Daiyrbek Artelov • Feb 10 '23

After each macOS update the file is reset to initial state. Is it possible to somehow automate this process? So after each update some script will run to append the line in the file?

Ilja Reznik • Jun 7 '23

this is what I use as an alias in my shell
alias enable-fingerprint="sudo sed -i '1 i\auth sufficient pam_tid.so' /etc/pam.d/sudo"

just make sure that u use gnu-sed (at least that is what I tried)

Daiyrbek Artelov • Jun 13 '23

I have tried your approach but with no success. Mine was standard macOS' sed and it requires additional params '' after -i. Anyway I found working variant:

alias fingerprinton="sudo sed -i '' '1s;^;auth sufficient pam_tid.so\n;' /etc/pam.d/sudo"

Anyway thank you

Ilja Reznik • Jun 13 '23

that can be cause the gnu-sed and macos' sed are not the same. Nice that you got it to work

Camilo Martinez • Feb 11 '23

Maybe with some bash/zsh script.

Miguel Tineo • Oct 26 '21

Just perfect! 👏

Andrés Reyes Galgani • Mar 9 '20

Gracias amigo y ¡¡Viva Colombia!!

Saludos desde Chile 🇨🇱

Camilo Martinez • May 14 '20

Con gusto Andrés!

Moataz Elmasry • Dec 7 '20

Many thanks. Works great!!!

Brett Stevenson • Jul 17 '20

This is great! Just what I was looking for!

phantomfactotum • Jun 24 '20

Bless your soul

Ben Halpern • Oct 8 '19

Really slick UX here

Sethu Senthil • May 25 '21

Is there a way to make this work on the VS Code integrated terminal?

Camilo Martinez • Aug 17 '22

I used to have this configuration, and also works on VS Code.

{
    "terminal.external.osxExec": "iTerm.app",
    "terminal.integrated.fontFamily": "MesloLGS NF",
    "terminal.integrated.fontSize": 14,
    "terminal.integrated.shell.osx": "zsh",
    "terminal.integrated.shellIntegration.enabled": true,
}