After the recent switch to https://github.com/samoshkin/tmux-config, I have been fully working under tmux sessions. Recently I found that the Touch ID authentication for sudo haven't been working. I searched over the Internet and found out pam_tid.so itself is kinda incompatible with tmux.
To solve this, I had to use a simple hack (someone made the solution for us, thanks!). I use https://github.com/fabianishere/pam_reattach, a PAM module for reattaching to the authenticating user's per-session bootstrap namespace on macOS, and it's updated just 18 days ago as the time of writing!
To install pam_reattach:
$ brew install fabianishere/personal/pam_reattachUltimately, make sure /etc/pam.d/sudo looks like this in the beginning of file:
auth optional pam_reattach.so
auth sufficient pam_tid.so
...Equivalent command line:
$ sudo sed -i '' -e '/^#/a\'$'\n''auth sufficient pam_tid.so' /etc/pam.d/sudo(Note that on major macOS updates you need to re-do this again.)
References #
- https://github.com/fabianishere/pam_reattach
- https://apple.stackexchange.com/questions/259093/can-touch-id-for-the-mac-touch-bar-authenticate-sudo-users-and-admin-privileges/306324#306324
- https://superuser.com/questions/1342926/sudo-with-auth-sufficient-pam-tid-so-does-not-work-with-tmux/1348180