
> Keep in mind that this file is somewhat protected by macOS so after each OS update you will need to add the line to the file. Other than that, it works perfectly!

TIL, I wondered why every time I did this it would reset after a while. Thanks!




I added this to my `.bashrc`:

    if ! grep -q "pam_tid.so" /etc/pam.d/sudo ; then
      echo "touch ID no longer enabled for sudo. Insert the following line as line 2 in /etc/pam.d/sudo:"
      echo "  auth   sufficient  pam_tid.so  # enables touch id auth for sudo"
    fi


I've been wanting to write a simple script or app that just runs on startup to check for and fix this, but I've been so lazy. It is just too easy to edit the file and move on...


I'm even lazier, stole another commenter's script and just have it run on reboot.

Is it idempotent? No, every reboot it adds the line again. Doesn't appear to matter though.
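
An idempotent version of the check-and-insert step discussed in the comments above, as an added example that is not part of any commenter's post or script. The function names `has_pam_tid` and `ensure_pam_tid` are hypothetical; the inserted line is the one quoted in the thread, and the target file is passed as an argument.

```shell
#!/bin/sh
# Added example: ensure the pam_tid.so line is line 2 of a PAM file, exactly once.
# PAM_LINE is the line quoted in the thread; function names are hypothetical.
PAM_LINE='auth   sufficient  pam_tid.so  # enables touch id auth for sudo'

# Succeeds only if an active (non-commented) auth line loads pam_tid.so.
has_pam_tid() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so' "$1"
}

# Insert PAM_LINE as line 2 unless it is already active.
# Returns 0 if the line is present or was added, non-zero on error.
ensure_pam_tid() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    if has_pam_tid "$file"; then
        return 0                      # already enabled: change nothing
    fi
    tmp=$(mktemp "${TMPDIR:-/tmp}/pam_tid.XXXXXX") || return 1
    # Keep line 1, put the new line second, then copy the rest unchanged.
    awk -v line="$PAM_LINE" \
        'NR == 2 { print line } { print } END { if (NR < 2) print line }' \
        "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Keep a copy of the previous file, then overwrite the contents in place
    # so the original owner and mode are preserved.
    cp -p "$file" "$file.bak" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# When run with a path argument (as root for /etc/pam.d/sudo), apply the fix.
if [ "$#" -gt 0 ]; then
    ensure_pam_tid "$1"
fi
```

Unlike a plain `grep -q "pam_tid.so"`, the check ignores a commented-out line, and a second run leaves the file unchanged.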


I would never be so cavalier about a security-related thing such as this.

See my other reply on this thread.


I use nix-darwin to automate that.


More details please.


nix-darwin currently does not support that directly, but there is an open PR to fix that. For my dotfiles, I added the module from the PR with some slight modifications. You can find the code below.

https://github.com/shinzui/dotfiles.nix/blob/master/modules/...



