Use Touch ID to authenticate sudo in Terminal

If your Mac has Touch ID, you can use it to authenticate sudo commands in Terminal instead of typing your password every time.

How to set it up

Edit the PAM configuration for sudo:

sudo nano /etc/pam.d/sudo_local

Add this line at the top of the file:

auth       sufficient     pam_tid.so

Save and close. The next time you run a sudo command, your Mac will prompt for Touch ID instead of a password.

Why sudo_local?

Older guides tell you to edit /etc/pam.d/sudo directly, but macOS can overwrite that file during updates. Since macOS Sonoma, Apple provides /etc/pam.d/sudo_local specifically for your custom changes. This file survives updates.

Does it work with tmux?

By default, Touch ID does not work inside tmux sessions. If you use tmux, install the pam-reattach module via Homebrew:

brew install pam-reattach

Then add this line to your sudo_local file, before the pam_tid.so line:

auth       optional       /opt/homebrew/lib/pam/pam_reattach.so

After that, Touch ID works in tmux as well.
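
A small lint for the finished file, added here as an example (it is not part of the original post): it checks that pam_tid.so is active and sufficient, that pam_reattach.so, if present, comes before it, and that the module path exists. The function name check_sudo_local is made up for this example; on Intel Macs Homebrew's prefix is /usr/local rather than /opt/homebrew, which is the kind of mismatch the path check catches.

```shell
#!/bin/sh
# Added example: lint a sudo_local file for the Touch ID lines described above.
# check_sudo_local is a hypothetical helper name, not an Apple or Homebrew tool.
# Usage: check_sudo_local [FILE]   (FILE defaults to /etc/pam.d/sudo_local)
# Returns 0 when the file is consistent, 1 otherwise; findings go to stdout.
check_sudo_local() {
    file="${1:-/etc/pam.d/sudo_local}"
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 1; }

    # First active auth line per module, as "lineno control module".
    # Commented-out lines never match because their first field is not "auth".
    tid=$(awk '$1 == "auth" && $3 ~ /pam_tid\.so$/ { print NR, $2, $3; exit }' "$file")
    rea=$(awk '$1 == "auth" && $3 ~ /pam_reattach\.so$/ { print NR, $2, $3; exit }' "$file")

    if [ -z "$tid" ]; then
        echo "FAIL: no active pam_tid.so auth line"
        return 1
    fi
    rc=0
    set -- $tid
    tid_line=$1 tid_ctl=$2
    # "sufficient" lets a failed or unavailable Touch ID fall through to the password.
    if [ "$tid_ctl" != "sufficient" ]; then
        echo "FAIL: pam_tid.so is '$tid_ctl', expected 'sufficient'"
        rc=1
    fi

    if [ -n "$rea" ]; then
        set -- $rea
        rea_line=$1 rea_path=$3
        if [ "$rea_line" -gt "$tid_line" ]; then
            echo "FAIL: pam_reattach.so (line $rea_line) must come before pam_tid.so (line $tid_line)"
            rc=1
        fi
        # Only absolute paths can be checked on disk.
        case $rea_path in
            /*) [ -f "$rea_path" ] || { echo "FAIL: module not found: $rea_path"; rc=1; } ;;
        esac
    else
        echo "NOTE: no pam_reattach.so line; Touch ID will not work inside tmux"
    fi
    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}
```

Run it after saving the file and before closing the Terminal window you edited from, so a mistake can still be fixed from a shell that already works.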

