macOS: sudo with touch ID: survive upgrades

Recent macbooks have a fingerprint reader, which is typically used to unlock the computer and log in.

It is also possible to use it for sudo authentication via PAM.

This was previously covered here.

Now, with macOS Sonoma, it’s also possible to make this setting survive OS upgrades.

% sudo cp /etc/pam.d/sudo_local{.template,}
% sudo $EDITOR /etc/pam.d/sudo_local

Then uncomment (or add, if not existing) the following line:

auth       sufficient     pam_tid.so

You can test it out by opening a new terminal and executing sudo echo.

Credits: https://sixcolors.com/post/2023/08/in-macos-sonoma-touch-id-for-sudo-can-survive-updates/