@yinheli
Last active February 6, 2026 01:49

Enable Touch ID for sudo on macOS

macOS supports using Touch ID to authenticate sudo commands instead of typing your password.

Setup

Create or edit /etc/pam.d/sudo_local:

sudo vim /etc/pam.d/sudo_local

Add the following content:

# sudo_local: local config file which survives system update and is included for sudo
auth       sufficient     pam_tid.so

That's it! Your next sudo command will prompt for Touch ID.

Why sudo_local instead of sudo?

The sudo_local file is specifically designed to survive macOS system updates. The main /etc/pam.d/sudo file may be overwritten during OS upgrades, but sudo_local is included by the main file and preserved.

Limitations

Touch ID does not work inside tmux sessions. This is because tmux creates a separate process tree that doesn't have access to the Security Session required for Touch ID authentication. When using tmux, you'll need to fall back to password authentication.

Workaround for tmux

You can use pam-reattach to make Touch ID work in tmux:

# Install via Homebrew
brew install pam-reattach

# Update /etc/pam.d/sudo_local (pam_reattach.so must come before pam_tid.so)
auth       optional       /opt/homebrew/lib/pam/pam_reattach.so
auth       sufficient     pam_tid.so

Note: The path may differ on Intel Macs (/usr/local/lib/pam/pam_reattach.so).
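
A check to run before relying on the new configuration, added here as an example (it is not part of the original gist). The hypothetical function `check_touchid_pam` confirms that the main sudo file includes `sudo_local`, that `pam_tid.so` is active with control `sufficient`, and that `pam_reattach.so`, if used, exists at the given path and comes first. It assumes simple one-word control fields.

```shell
#!/bin/sh
# Added example (not from the gist). check_touchid_pam is a hypothetical helper.
# Usage: check_touchid_pam [main_pam_file] [local_pam_file]
# Defaults are the paths used on this page; pass copies to lint before installing.
check_touchid_pam() {
    main=${1:-/etc/pam.d/sudo}
    loc=${2:-/etc/pam.d/sudo_local}
    rc=0
    [ -r "$loc" ] || { echo "FAIL: cannot read $loc"; return 1; }

    # sudo_local is only consulted if the main sudo file includes it.
    if ! awk '$1=="auth" && $2=="include" && $3=="sudo_local" {f=1} END {exit !f}' \
            "$main" 2>/dev/null; then
        echo "FAIL: $main has no 'auth include sudo_local' line"; rc=1
    fi

    # First active auth line per module; commented-out lines never match $1=="auth".
    tid=$(awk '$1=="auth" && $3 ~ /pam_tid\.so$/ {print NR ":" $2; exit}' "$loc")
    rea=$(awk '$1=="auth" && $3 ~ /pam_reattach\.so$/ {print NR ":" $3; exit}' "$loc")

    case $tid in
        "") echo "FAIL: no active pam_tid.so auth line in $loc"; rc=1 ;;
        *:sufficient) ;;
        *) echo "FAIL: pam_tid.so control is '${tid#*:}', expected 'sufficient'"; rc=1 ;;
    esac

    if [ -n "$rea" ]; then
        mod=${rea#*:}
        # Absolute module paths differ between Apple Silicon and Intel Homebrew.
        case $mod in
            /*) [ -e "$mod" ] || { echo "FAIL: $mod does not exist"; rc=1; } ;;
        esac
        # pam_tid.so is 'sufficient', so reattach has to run earlier in the stack.
        if [ -n "$tid" ] && [ "${rea%%:*}" -gt "${tid%%:*}" ]; then
            echo "FAIL: pam_reattach.so is listed after pam_tid.so"; rc=1
        fi
    fi

    [ "$rc" -eq 0 ] && echo "OK: $loc"
    return "$rc"
}
```

Source the file and run `check_touchid_pam` with no arguments to check the live files, ideally while a root shell is still open in another terminal.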
