Devices listed below have fingerprint scanner (Touch ID) to simplify login process but this is not exposed in Terminal.app. So each time you run commands with elevated privileges you need to type in your password.
Compatibility list:
- MacBook Air (13-inch, M3, 2024)
- MacBook Air (15-inch, M3, 2024)
- MacBook Air (15-inch, M2, 2023)
- MacBook Air (13-inch, M2, 2022)
- MacBook Air (M1, 2020)
- MacBook Pro (13‑inch, M2, 2022)
- MacBook Pro (13-inch, M1, 2020)
- MacBook Pro (14‑inch, 2023)
- MacBook Pro (14‑inch, 2021)
- MacBook Pro (16‑inch, 2023)
- MacBook Pro (16-inch, 2021)
- iMac (24-inch, M3, 2023)
- iMac (24-inch, M1, 2021)
- Mac Studio (2023)
- Mac Studio (2022)
- Mac mini (2023)
- Mac mini (M1, 2020)
- Mac Pro (2023)
Magic Keyboard's Touch ID functionality is compatible with the following MacBook/iMac models:
- MacBook Air (M1, 2020)
- MacBook Pro (13", M1, 2020)
- MacBook Pro (14", 2021)
- MacBook Pro (16", 2021)
- iMac (24", M1, 2021)
- Mac mini (M1, 2020)
Please note that the keyboard will still pair and function with devices older than those listed, but that Touch ID functionality will not be enabled.
Setup PAM module to use Touch ID:
To allow Touch ID on your Mac to authenticate you for sudo access instead of a password prompt you need to do the following simple changes.
Open Spotlight:
Type terminal in Spotlight input field and open it:
Open Terminal:
Switch to the root user.
Switch to the root user by typing the command sudo su - and enter the password:
sudo su -
Edit /etc/pam.d/sudo:
Open the /etc/pam.d/sudo file with you favorite editor such as vim or nano:
nano /etc/pam.d/sudo
The contents of this file should look like one of the following example:
Add the following line to the top of the file:
auth sufficient pam_tid.so
The modified contents of /etc/pam.d/sudo file should look like following example:
Save the file:
- for nano, press the specified combination (with sign “+”) of keys simultaneously: ```bash
CTRL+o
CTRL+x
* for vim:
```bash
<ESC>
:wq
Allow the system to save the changes.
Press OK button:
Also note that pam_smartcard.so may not be present on older MacOS versions. Tested with macOS Ventura (13.1).
Exit from the shell.
Exit from the root shell by typing command: exit.
Try to use sudo, and you should be prompted to authenticate with Touch ID as shown below.
sudo echo "Check Touch ID"
If you click ‘Cancel,’ you can just enter your password at the terminal prompt. If you click ‘Use Password’ you can enter your password in the dialog box.
If you connect to your macOS via SSH, it will revert to using your password, since you cannot send Touch ID fingerprints over SSH.
Note: Recent MacOS updates may remove the entry. If Touch ID stops working for
sudothen check if the entry was removed and add it back in, following these instructions again.
F.A.Q.
Does it work with Warp terminal?
- Yes, additional settings are not required.
Does it work with iTerm2?
- Yes, but additional settings may be required.
If you are using iTerm2 (v3.2.8+), you may have noticed that Touch ID does not work with sudo in the terminal, even though you have done the pam_tid.so modification above and it worked in earlier versions. This is due to an advanced feature that seems to be enabled by default now - it needs to be disabled here: iTerm2->Preferences > Advanced > Allow sessions to survive logouts and logins.
Top comments (2)
Awesome! Thanks for that!
That's neat!