Enable support for sudo via Apple Watch and Touch ID

auto_sudo_via_watch_and_tid.sh

#! /bin/bash

APPLE_WATCH_PAMID_LIBPATH=/usr/local/lib/pam/pam_watchid.so.2
APPLE_WATCH_PAMID_URL=https://github.com/msanders/pam-watchid
APPLE_WATCH_PAMID_PATH=$HOME/src/pamid-applewatch
enable_sudo_with_apple_watch_and_touch_id() {
  trap 'popd' EXIT INT HUP

  enable_apple_watch() {
    if ! test -f $APPLE_WATCH_PAMID_LIBPATH
    then
      if ! test -d $APPLE_WATCH_PAMID_PATH
      then
        git clone $APPLE_WATCH_PAMID_URL $APPLE_WATCH_PAMID_PATH
      fi
      >&2 printf "${BGreen}INFO${NC}: Installing Apple Watch sudo extension. Enter your \
password when prompted.\n"
      (cd $APPLE_WATCH_PAMID_PATH && sudo make install )
    fi
    if ! grep -q "pam_watchid.so" /etc/pam.d/sudo
    then
      >&2 printf "${BGreen}INFO${NC}: Enabling Apple Watch sudo extension. Enter your \
password when prompted.\n"
      sudo sed -i.bak '1s/^/auth    sufficient      pam_watchid.so    "reason=execute command as root"\n/' \
        /etc/pam.d/sudo
    fi
  }
  enable_touchid() {
    if ! grep -q "pam_tid.so" /etc/pam.d/sudo
    then
      >&2 printf "${BGreen}INFO${NC}: Enabling Touch ID sudo extension. Enter your \
password when prompted.\n"
      sudo sed -i.bak  '1s/^/auth    sufficient      pam_tid.so    "reason=execute command as root"\n/' \
        /etc/pam.d/sudo
    fi
  }
  enable_apple_watch && enable_touchid
}


enable_sudo_with_apple_watch_and_touch_id

Another somewhat related gist.