Enable sudo Touch ID on macOS

Edit the /etc/pam.d/sudo file and put the following line at the beginning of the file:

auth sufficient pam_tid.so

Now you can use Touch ID instead of your password in a normal terminal.

If you want to use Touch ID inside tmux, you also need to install the pam_reattach module:

git clone https://github.com/fabianishere/pam_reattach
cd pam_reattach && mkdir build && cd build
cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr/local ..
make
sudo make install

Then edit the /etc/pam.d/sudo file again and put the following line at the beginning of the file, before the pam_tid.so line:

auth optional pam_reattach.so

The resulting sudo file should look like this:

# sudo: auth account password session
auth optional pam_reattach.so
auth sufficient pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

Note that macOS 14 (Sonoma) has a simpler way to enable Touch ID for sudo, and the file it uses survives system updates:

  • create a new file /etc/pam.d/sudo_local
  • add the following text to the file:
# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
auth       sufficient     pam_tid.so
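The following POSIX shell functions are an added example, not part of the original note, that automate both procedures above (the pre-Sonoma edit of /etc/pam.d/sudo, with or without pam_reattach, and the Sonoma /etc/pam.d/sudo_local file) and check the result. PAM walks the auth stack top to bottom, so pam_reattach.so must come before pam_tid.so and pam_tid.so before pam_opendirectory.so; any other order still ends in a password prompt, which is what pam_check_order verifies. The target path is an argument so you can try the edit on a copy first; the function names, the FILE.bak backup name and the module directories listed in pam_module_present are my own assumptions.

```shell
#!/bin/sh
# Added example, not part of the original note: insert the Touch ID PAM lines
# into a PAM service file idempotently and verify their order. The target path
# is a parameter so the logic can be tried on a copy before editing
# /etc/pam.d/sudo (root required; macOS updates rewrite that file).

# pam_add_touchid FILE [reattach]
#   Adds "auth optional pam_reattach.so" (only when the 2nd argument is the
#   word "reattach") followed by "auth sufficient pam_tid.so" before the first
#   active "auth" line of FILE. Lines that are already present and not
#   commented out are not added again. A copy is saved as FILE.bak first.
pam_add_touchid() {
    file="$1"
    want_reattach="$2"
    [ -f "$file" ] || { echo "pam_add_touchid: no such file: $file" >&2; return 1; }
    cp "$file" "$file.bak" || return 1

    r=""; t=""
    if [ "$want_reattach" = "reattach" ] &&
       ! grep -Eq '^[[:space:]]*auth.*pam_reattach\.so' "$file"; then
        r="auth       optional       pam_reattach.so"
    fi
    if ! grep -Eq '^[[:space:]]*auth.*pam_tid\.so' "$file"; then
        t="auth       sufficient     pam_tid.so"
    fi
    [ -n "$r$t" ] || return 0          # already configured, nothing to do

    tmp="$file.tmp.$$"
    awk -v r="$r" -v t="$t" '
        function emit() { if (r != "") print r; if (t != "") print t; done = 1 }
        !done && $1 == "auth" { emit() }   # insert before the first auth rule
        { print }
        END { if (!done) emit() }          # no auth rule yet (e.g. sudo_local): append
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # write through the existing file so its owner and mode are kept
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# pam_check_order FILE
#   Returns 0 when pam_tid.so is listed before pam_opendirectory.so and, if
#   pam_reattach.so is present, it comes before pam_tid.so. Comment lines are
#   ignored. PAM evaluates the auth stack top to bottom, so any other order
#   still ends in a password prompt.
pam_check_order() {
    awk '
        /^[[:space:]]*#/          { next }         # skip comments
        /pam_reattach\.so/        { r = NR }
        /pam_tid\.so/             { t = NR }
        /pam_opendirectory\.so/   { o = NR }
        END {
            if (!t || !o || t > o) exit 1
            if (r && r > t)        exit 1
            exit 0
        }
    ' "$1"
}

# pam_module_present NAME
#   Returns 0 if NAME (e.g. pam_tid.so) resolves in the module directories.
#   Assumption: Apple's modules live in /usr/lib/pam (as pam_*.so.2) and a
#   pam_reattach built with CMAKE_INSTALL_PREFIX=/usr/local lands in
#   /usr/local/lib/pam. Use it before adding a "sufficient" line for a
#   module that may not be installed.
pam_module_present() {
    for d in /usr/lib/pam /usr/local/lib/pam; do
        for f in "$d/$1" "$d/$1".*; do
            [ -e "$f" ] && return 0
        done
    done
    return 1
}
```

Usage on macOS before Sonoma, as root: `pam_add_touchid /etc/pam.d/sudo reattach && pam_check_order /etc/pam.d/sudo` (drop the `reattach` argument if you do not use tmux, and run `pam_module_present pam_reattach.so` first if unsure the build was installed). On macOS 14 and later, create /etc/pam.d/sudo_local as described above (Sonoma ships /etc/pam.d/sudo_local.template, which can be copied into place) and run `pam_add_touchid /etc/pam.d/sudo_local`; because that file has no active auth line, the function appends the pam_tid.so rule, and pam_check_order should then be run against /etc/pam.d/sudo, which includes sudo_local.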