Enabling Touch ID authentication for sudo on macOS Sonoma
2023-10-15 02:6:28 Author: derflounder.wordpress.com(查看原文) 阅读量:12 收藏

Home > Mac administration, macOS, Scripting > Enabling Touch ID authentication for sudo on macOS Sonoma

Enabling Touch ID authentication for sudo on macOS Sonoma

Since the release of macOS High Sierra, it has been possible to enable Touch ID authentication for the sudo tool. However, the necessary modifications needed to be re-applied after every update to macOS because the modified file would get overwritten with the OS’s default values each time macOS was updated.

As of macOS Sonoma though, this modification can now be persistent. Apple included the following note as part of the the What’s new for enterprise in macOS Sonoma KBase article:

Touch ID can be allowed for sudo with a configuration that persists across software updates using /etc/pam.d/sudo_local. See /etc/pam.d/sudo_local.template for details.

Screenshot 2023 10 14 at 1 43 01 PM

When examined on macOS Sonoma 14.0.0, the contents of the /etc/pam.d/sudo_local.template file are as shown below:


Copying the /etc/pam.d/sudo_local.template file to /etc/pam.d/sudo_local and uncommenting the indicated line allows Touch ID to work for authentication to the sudo tool.

Screenshot 2023 10 14 at 1 40

To assist with the process of enabling and disabling Touch ID authentication for the sudo tool, I’ve written a couple of scripts. For more details, please see below the jump.

The scripts are available via the link below:

https://github.com/rtrouton/rtrouton_scripts/tree/main/rtrouton_scripts/enable_and_disable_touch_id_for_sudo

There are two scripts available at the above location:

Both scripts are set to check if they are being run on macOS Sonoma or later, and will exit with a message if they are run on an earlier version of macOS.


文章来源: https://derflounder.wordpress.com/2023/10/14/enabling-touch-id-authentication-for-sudo-on-macos-sonoma/
如有侵权请联系:admin#unsafe.sh