Skip to content

Make sudo authenticate with Touch ID in a tmux session

After the recent switch to https://github.com/samoshkin/tmux-config, I have been fully working under tmux sessions. Recently I found that the Touch ID authentication for sudo haven’t been working. I searched over the Internet and found out pam_tid.so itself is kinda incompatible with tmux.

To solve this, I had to use a simple hack (someone made the solution for us, thanks!). I use https://github.com/fabianishere/pam_reattach, a PAM module for reattaching to the authenticating user’s per-session bootstrap namespace on macOS, and it’s updated just 18 days ago as the time of writing!

To install pam_reattach:

$ brew install fabianishere/personal/pam_reattach

Ultimately, make sure /etc/pam.d/sudo looks like this in the beginning of file:

auth     optional    pam_reattach.so
auth     sufficient   pam_tid.so
...

Equivalent command line:

$ sudo sed -i '' -e '/^#/a\'$'\n''auth       sufficient     pam_tid.so' /etc/pam.d/sudo

(Note that on major macOS updates you need to re-do this again.)

References #