Thursday, January 23, 2025

command line – How can I enable the Touch ID prompt instead of system password for sudo when other apps allow touch?

I’m running a fresh install of Sequoia, currently a macOS Sequoia 15.0.1 arm64 on MacBook Pro (14-inch, 2021) with Touch ID.
I tried to enable Touch ID for sudo and the config files now look like:

cat /etc/pam.d/sudo
# sudo: auth account password session
auth       include        sudo_local
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

and

cat /etc/pam.d/sudo_local
# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
auth       sufficient     pam_tid.so

This does direct the authentication request to the system, instead of the Terminal password prompt. But now I get a system password prompt and not the desired Touch ID prompt.

Touch ID does work. Other prompts also require my fingerprint. This seems to be specific to the Terminal.

Any suggestions on how to solve this are welcome.

Update: This behaviour only happens when my MacBook is docked to my Dell USB display. Once it’s undocked everything works as expected…
