pam-sudo-touch-id

The new MacBook Pro features a Touch ID sensor. Now that the machine is in the hands of developers, it was about time someone figured out a way to use the feature for system-related things other than login authentication and Apple Pay. iOS developer Hamza Sood has created a PAM (Pluggable Authentication Module) module that enables users (read: power users who know what they are doing) to add Touch ID authentication for Terminal commands like sudo.

While the example Hamza has used involves the sudo Terminal command, it can potentially also be used for other Terminal commands. This adds a level of security to Terminal that will require the user to scan his or her fingerprint using the Touch ID sensor before a command is executed. The developer has also shared installation instructions on GitHub, which we reproduce below. Please note that this hack is meant for advanced users only, so if you are not sure what all of this is about, it is better to stay away.

Installation

  1. Build the project
  2. Copy pam_touchid.so.2 to /usr/local/lib/pam/ and set:
    • Permissions: 444
    • Owner: root
    • Group: wheel

Configuring sudo to use it

  1. Open up /etc/pam.d/sudo in your favourite text editor
  2. Add auth sufficient pam_touchid.so reason="execute a command as another user" to the top of the file

The procedure is pretty much the same for any other process, but you’d edit a different config file and probably change the reason too.
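The install and configuration steps above can be checked after the fact. The following is an added example, not part of the project's instructions: a POSIX shell audit that checks the module's mode and owner and confirms that the pam_touchid.so rule is the first auth rule in the PAM file. The function names and the --audit switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the install steps from the article.
# Function names and the --audit switch are assumptions, not project code.

# Print "MODE UID GID" for FILE using ls -ln (same columns on macOS and Linux).
_mode_uid_gid() {
    [ -f "$1" ] || return 1
    set -- $(ls -ln "$1")
    echo "$1 $3 $4"
}

# Mode must be 444: a module that sudo loads must not be writable by anyone.
module_mode_ok() {
    case "$(_mode_uid_gid "$1")" in
        "-r--r--r--"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Owner must be root (uid 0) and group wheel (gid 0 on macOS).
module_owner_ok() {
    set -- $(_mode_uid_gid "$1")
    [ "${2:-}" = "0" ] && [ "${3:-}" = "0" ]
}

# Succeeds only if the first auth rule in FILE is
# "auth sufficient pam_touchid.so ...". PAM evaluates rules in order,
# so the position decides whether Touch ID is tried first.
touchid_first_auth_rule() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        $1 == "auth" {
            ok = ($2 == "sufficient" && $3 == "pam_touchid.so")
            exit                   # only the first auth rule matters
        }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Run as: sh audit.sh --audit [module-path] [pam-config-path]
if [ "${1:-}" = "--audit" ]; then
    mod=${2:-/usr/local/lib/pam/pam_touchid.so.2}
    conf=${3:-/etc/pam.d/sudo}
    for check in module_mode_ok module_owner_ok; do
        "$check" "$mod" && echo "ok   $check" || echo "FAIL $check"
    done
    touchid_first_auth_rule "$conf" && echo "ok   first auth rule" || echo "FAIL first auth rule"
fi
```

Re-running the audit after a macOS update is worthwhile, since a replaced /etc/pam.d/sudo would no longer contain the added line.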

(Github/HamzaSood – Thanks Jawad)

