Thomas' Tech Tips

Enable Touch ID for sudo in macOS

15 March 2025 - Thomas Damgaard

MacOS supports using Touch ID for sudo since Sonoma.

To enable Touch ID authentication for sudo, add this line to /etc/pam.d/sudo_local

auth       sufficient     pam_tid.so

See example in: /etc/pam.d/sudo_local.template

If you use DisplayLink, it will still prompt you for password. To fix this, run:

defaults write com.apple.security.authorization ignoreArd -bool TRUE

Note: Invoking sudo from inside a tmux session will still prompt for password. Supposedly, this project can be used to fix this, although I have not tested it myself: https://github.com/fabianishere/pam_reattach

Filed under: apfs, apple, howto, macos, security, sudo, tips

Back to article list