sudo-touchid
sudo-touchid copied to clipboard
mattrajca
macOS already supports this
Although this is a cool project, if you add the following line to the top of /etc/pam.d/sudo there is no need to replace sudo:
auth sufficient pam_tid.so
It might be nice to point this out in the README.
Wow, thanks for the tip! Been using this since I got my MacBook, cool to see a native solution exists.
You're right to point out that macOS already supports TouchID with sudo, but to do so requires a system config change (editing your /etc/pam.d/sudo file).
~~This means that you will not be able to use sudo when SSHing in, because you can't send your fingerprint through the internet~~
Also, I'd generally lean towards avoiding editing core system config files if possible, but that's just my personal opinon! The way I use this project is by building the binary with a different name (I personally use lucasudo :wink:) and sticking it in /usr/local/bin. Doing this means I'm not overriding my system's sudo, which imo is a safer option - and allows me to continue using sudo over SSH.
This is down to personal preference really, but I completley agree that pointing out both options in the readme would be a good idea.
@lucasjohnston You can still use sudo over ssh even if you enable this, since pam_tid.so in the example above is marked as "sufficient". I.e. it is allowed to fail and the authentication mechanism will happily fall through to the next module.
