Ever Trend Zone evertrendzone security byte exclusively brings you Mosyle, the only Apple integrated platform. Simply work your Apple device and create an enterprise safe. Our unique integrated approach to management and security combines fully automated hardening and compliance, next-generation EDR, AI-powered Zero Trust, and cutting-edge Apple-specific security solutions for exclusive privilege management with the most powerful and modern Apple MDM on the market. As a result, the fully automated Apple Unified platform, currently trusted by over 45,000 organizations, can make millions of Apple devices work at an affordable cost. Request an extension test Understand why Mosil is everything you need to work with Apple today.
One of the greatest benefits of Touch ID on Mac is that it rarely involves entering your password when making a purchase, signing in to the app, or of course unlocking your device. At this point, it may be an ancient technology for the iPhone, but it remains the default luxury for Macs. If you use the terminal frequently, it’s nice to know that you can authenticate as an administrator using a touch ID for all sudo goodness with a single tap.
The ability to use a Touch ID for sudo has been around for years. Setup takes 60 seconds and requires one edit to the MacOS system configuration file. The pain goes, up to Sonoma, Apple will have to revert these changes back to each new release of MacOS, and users will need to enter their SUDO password again to authenticate. We’ll show you how to implement Sudo’s Touch ID in a way that is not overwritten.
As a reminder, Apple stores Touch ID data in the same way as Face ID. It is handled by a secure enclave only when necessary on devices with AES-256 encryption. It will not be sent to an Apple server or backed up to iCloud. In fact, the data does not even have access to the operating system. Secure Enclave simply returns “Yes” or “No” if the authentication is successful.
How to enable sudo touch ID
I’m using a MacOS Sequoia 15.4, which works on any version of MacOS after 10.15 Catalina for Mac with that magic fingerprint sensor in the top right of the keyboard. I’m using a terminal, and this should also work with an emulator that supports pluggable authentication modules (PAM).
1. Copy and create a new configuration file
First, copy the default template configuration file provided by Apple and create a new one called sudo_local. Copy the template file instead of directly modifying it so that it won’t be overwritten when the MacOS version is dropped.
sudo cp /etc/pam.d/sudo_local.template /etc/pam.d/sudo_local
2. edit sudo_local file
Next, open the newly created one sudo_local File in your favorite text editor. Nano is my favorite (:
sudo nano /etc/pam.d/sudo_local
In the file, excludes the lines that are contained pam_tid.so Delete #. Press Allow at the system prompt that may appear.
4. Touch, please check
that’s it! So let’s make sure it works. Open a new terminal session and run it sudo Command to test setup. Now instead of entering the system password, you’ll get prompted to use the touch ID to use the touch ID. Just comment and you can return to entering your password auth Lines not announced in step 3.
enjoy! 😌
fIn Ollow: Twitter/xLinkedIn, Threads
(TagStoTRASSLATE) Security (T) Security Byte (T) Terminal
