Stop asking for my password dude!

Stop asking for my password dude!

  • Til
  • May 2, 2023

It’s been a while since I discovered the ability to use Touch ID to authenticate sudo commands on my Mac. The idea is simple: instead of typing your password every time you need to run a command as a superuser, you can use your fingerprint to authenticate.

There are some security concerns about using the Touch ID in general (e.g. someone can force you to unlock your Mac with your fingerprint or gather your fingerprints from a glass… or furniture), but I think it’s a good trade-off between security and convenience.

Moreover, if you use it anyway it should not be a big deal.

So how to enable it?

It’s pretty simple. You just need to edit (as the superuser) the /etc/pam.d/sudo file:

# Make a backup of the file first
$ sudo cp /etc/pam.d/sudo ~/etc/pam/sudo.bak

# Edit the file
$ sudo vim /etc/pam.d/sudo

and add auth sufficient pam_tid.so at the top of the file. It should look like this:

auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

Then make sure that your changes have been saved, and you exit the editor. Once you’ve done that, you can test it by running any sudo command (the best way to do it is to open a new terminal window).

Why I’m writing about it?

The problem is that every time you update your Mac, the /etc/pam.d/sudo file is overwritten and you need to edit it again. It’s not a big deal, but it’s annoying.

What I have learned?

Nothing new, or maybe not much.. technically, however:

  • First - I wrote this post for myself, so I can find it easily and do it quickly.
  • Second - This typing helps me to remember it (so hopefully today I did a step to remember it better).

P.S. I hope that this short “article” will help someone else, and I promise to add some automation follow-up in the next post.

P.P.S. You can find more information about other awesome macOS command line features below:

BTW Thanks to NetworkChuck for this video!

Related Posts

Say hello to Google Gemini models... or rather prepare for it

Say hello to Google Gemini models... or rather prepare for it

This is probably another day the whole industry was waiting for. Google has just released presented a new model called Gemini. After the PaLM 2 releases (with Gecko, Otter, Bison, and Unicorn models) in May 2023, Gemini was announced as the breakthrough in the field of generative AI (at least for Google in the global competition with OpenAI, Facebook, and the others).

Read More
Top 10 Linux commands you must... no, this is not that kind of article

Top 10 Linux commands you must... no, this is not that kind of article

Knowing Linux and its commands is the foundation of every DevOps engineer. For devs guys that came to DevOps with a… dev background ;) it might be a bit challenging to remember all of them, as they were not using them on a daily basis - at least not as often as the Linux sysadmins. The all of them is a bit misleading, and the truth is that every person has their own set of tools in the Swiss Army Knife - sometimes it is a bit bigger, sometimes smaller - but it is always more about being able to place them in the context of your work rather than remember tons of manuals and help pages.

Read More
Grok 1 on the market

Grok 1 on the market

A few days ago (November 4, 2023) Elon Musk introduced the Grok, a new AI chatbot created by his company xAI, which is described as “entertaining and rebellious”.

Read More